CVE-2014-0006
OpenStack Swift Discloses Secret URLs to Timing Attack
Severity: HIGH 7.5 | EPSS: 0.42%
Published: 5/17/2022 | Modified: 4/28/2026
Description
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
Affected packages (3)
- Debian/swift: from 0, < 1.11.0-2
- PyPI/swift: >= 1.4.6, <= 1.8.0
- PyPI/swift: >= 1.4.6, <= 1.8.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (8)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2014-0006
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2014-0006
- WEB: http://rhn.redhat.com/errata/RHSA-2014-0232.html
- WEB: https://bugs.launchpad.net/swift/+bug/1265665
- WEB: https://github.com/openstack/swift
- WEB: https://github.com/openstack/swift/commit/754633988931e4095530f6b13389c254096eb485
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/swift/PYSEC-2014-116.yaml
- WEB: http://www.openwall.com/lists/oss-security/2014/01/17/5