OpenStack Swift Discloses Secret URLs to Timing Attack
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Aug 16, 2023
Package
Affected versions
>= 1.4.6, <= 1.8.0
>= 1.9.0, <= 1.10.0
= 1.11.0
Patched versions
1.12.0
Description
Published by the National Vulnerability Database
Jan 23, 2014
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Aug 16, 2023
Last updated
Aug 16, 2023
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
References