CVE-2017-8761

MEDIUM4.3EPSS 0.17%

Temporary urls leaked via logging

Published: 6/8/2021Modified: 12/2/2024

Also known as:GHSA-8fxc-qm65-vpxgDEBIAN-CVE-2017-8761

Description

In OpenStack Swift prior to 2.15.2, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

Affected packages (2)

Debian/swiftfrom 0, < 2.17.0-2
PyPI/swiftfrom 0, < 2.15.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-8761
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-8761
WEBhttps://bugs.launchpad.net/swift/+bug/1685798/comments/18
WEBhttps://launchpad.net/bugs/1685798