CVE-2017-8761

Description

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

Affected Software
References

Software	From	Fixed in
openstack / swift	-	2.10.1.x
openstack / swift	2.11.0	2.13.0.x
openstack / swift	2.14.0	2.14.0.x
swift	-	2.15.2

https://bugs.launchpad.net/swift/+bug/1685798/comments/18
https://launchpad.net/bugs/1685798

Severity: Low

CVE: CVE-2017-8761
GHSA: GHSA-8fxc-qm65-vpxg
Published: Jun 2, 2021
Updated: May 9, 2024
Exploit:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-200
CWE-117

CVE-2017-8761

Description

Details

CVSS v3

CVSS v2

CWEs