GHSA-8fxc-qm65-vpxg

Source

https://github.com/advisories/GHSA-8fxc-qm65-vpxg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-8fxc-qm65-vpxg/GHSA-8fxc-qm65-vpxg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8fxc-qm65-vpxg

Aliases

CVE-2017-8761

Published

2021-06-08T19:23:22Z

Modified

2024-12-02T05:45:38.702006Z

Summary

Temporary urls leaked via logging

Details

In OpenStack Swift prior to 2.15.2, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

Database specific

{
    "nvd_published_at": "2021-06-02T14:15:00Z",
    "cwe_ids": [
        "CWE-117",
        "CWE-200"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-03T21:08:32Z"
}

References

Affected packages

PyPI / swift

Package

Name: swift; View open source insights on deps.dev
Purl: pkg:pypi/swift

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.15.2

Affected versions

1.*

1.0.2