Red Hat Security Advisory 2014-0367-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A timing attack flaw was found in the way the swift TempURL middleware responded to arbitrary TempURL requests. An attacker with knowledge of an object's name could use this flaw to obtain a secret URL to this object, which was intended to be publicly shared only with specific recipients, if the object had the TempURL key set. Note that only setups using the TempURL middleware were affected.
78f1b540c0c847a43548ff429db2dc3a092e9d896f17cfe1e4093716cabd0252