CVE-2017-8761

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-8761
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8761.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-8761
Aliases
Related
Published
2021-06-02T14:15:07Z
Modified
2025-01-14T06:58:50.616434Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

References

Affected packages

Debian:11 / swift

Package

Name
swift
Purl
pkg:deb/debian/swift?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.17.0-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / swift

Package

Name
swift
Purl
pkg:deb/debian/swift?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.17.0-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / swift

Package

Name
swift
Purl
pkg:deb/debian/swift?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.17.0-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/openstack/swift

Affected ranges

Type
GIT
Repo
https://github.com/openstack/swift
Events
Introduced
bf473ddc9d3fcb3a3fe516b5221a588c5b196a1d
Last affected
11bd6c82ecac8572cf9538a4d92a0361b382f1de
Last affected
3129a55d4418e0dc4207c2026e7ef8c59704c6a1
Last affected
408500320be39f3ea38ba3255cf1d8ee87ba3ac8

Affected versions

2.*

2.11.0
2.12.0
2.13.0