CVE-2017-8761

Published: Jun 2, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

Affected (3)

Products: Openstack: Swift

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Openstack Swift	Up to 2.10.1
Openstack Swift	From 2.11.0 to 2.13.0
Openstack Swift	Version 2.14.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://launchpad.net/bugs/1685798

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://launchpad.net/bugs/1685798

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.