CVE-2014-0006: OpenStack Swift Discloses Secret URLs to Timing Attack

May 17, 2022 (updated November 26, 2024)

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.

References

bugs.launchpad.net/swift/+bug/1265665
github.com/advisories/GHSA-cf9m-q836-vf26
github.com/openstack/swift
github.com/openstack/swift/commit/754633988931e4095530f6b13389c254096eb485
github.com/pypa/advisory-database/tree/main/vulns/swift/PYSEC-2014-116.yaml
nvd.nist.gov/vuln/detail/CVE-2014-0006

Code Behaviors & Features

Detect and mitigate CVE-2014-0006 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →