Leakage of Reusable TempURL Signatures in OpenStack Swift

Leakage of Reusable TempURL Signatures in OpenStack Swift

CVE-2017-8761 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

Learn more about our Cis Benchmark Audit For Server Software.