PT-2017-4159 · Openstack · Openstack Swift
Bülent Topcu
+1
·
Published
2017-04-24
·
Updated
2021-06-11
·
CVE-2017-8761
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Swift versions 2.10.1 and earlier
OpenStack Swift versions 2.11.0 through 2.13.0
OpenStack Swift version 2.14.0
OpenStack Swift versions prior to 2.15.2
Description
The issue is related to the proxy-server logging full tempurl paths in OpenStack Swift, potentially leaking reusable tempurl signatures to anyone with read access to these logs. This could allow a remote attacker to access confidential data. All Swift deployments using the tempurl middleware are affected.
Recommendations
For OpenStack Swift versions 2.10.1 and earlier, update to version 2.15.2 or later to resolve the issue.
For OpenStack Swift versions 2.11.0 through 2.13.0, update to version 2.15.2 or later to resolve the issue.
For OpenStack Swift version 2.14.0, update to version 2.15.2 or later to resolve the issue.
As a temporary workaround, consider restricting access to the proxy-server logs to minimize the risk of exploitation.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openstack Swift