CVE-2017-8761

CWE-200Information ExposureCWE-532Log File Information ExposureCWE-1179 documents7 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 62.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Swift
Timeline
PublishedJun 2
Latest updateJun 8

Description

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDopenstack/swift2.11.02.13.0+2
PyPIswift< 2.15.2
Debianswift< 2.17.0-2+3

🔴Vulnerability Details

4
GHSA
Temporary urls leaked via logging2021-06-08
OSV
Temporary urls leaked via logging2021-06-08
CVEList
CVE-2017-8761: In OpenStack Swift through 22021-06-02
OSV
CVE-2017-8761: In OpenStack Swift through 22021-06-02

📋Vendor Advisories

2
Red Hat
openstack-swift: logs valid temporary urls which could result in access to data by anyone with access to the logfiles2020-05-27
Debian
CVE-2017-8761: swift - In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-...2017

💬Community

2
Bugzilla
CVE-2017-8761 openstack-swift: logs valid temporary urls which could result in access to data by anyone with access to the logfiles [openstack-rdo]2020-07-24
Bugzilla
CVE-2017-8761 openstack-swift: logs valid temporary urls which could result in access to data by anyone with access to the logfiles2020-06-23
CVE-2017-8761 (MEDIUM CVSS 4.3) | In OpenStack Swift through 2.10.1 | cvebase.io