CVE-2015-5271
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers
7.5
HIGH
CVSS 3.1
EPSS 0.34%
Description
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.
How to fix CVE-2015-5271
To remediate CVE-2015-5271, upgrade the affected package to a fixed version below.
- —upgrade to 0.8.7 or later
- —upgrade to 0.8.7 or later
Is CVE-2015-5271 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.8.7
- from 0, < 0.8.7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |