{"id":"PYSEC-2014-116","details":"The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.","aliases":["CVE-2014-0006","GHSA-cf9m-q836-vf26"],"modified":"2024-11-25T22:42:23.749022Z","published":"2014-01-23T01:55:00Z","references":[{"type":"ADVISORY","url":"https://bugs.launchpad.net/swift/+bug/1265665"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2014/01/17/5"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-0232.html"}],"affected":[{"package":{"name":"swift","ecosystem":"PyPI","purl":"pkg:pypi/swift"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.4.6"},{"last_affected":"1.8.0"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/swift/PYSEC-2014-116.yaml"}},{"package":{"name":"swift","ecosystem":"PyPI","purl":"pkg:pypi/swift"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.9.0"},{"last_affected":"1.10.0"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/swift/PYSEC-2014-116.yaml"}},{"package":{"name":"swift","ecosystem":"PyPI","purl":"pkg:pypi/swift"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.11.0"},{"fixed":"1.12.0"}]}],"versions":["1.11.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/swift/PYSEC-2014-116.yaml"}}],"schema_version":"1.7.3"}