CVE-2017-8761

Published: May 27, 2020
Source: redhat
CVSS3: 2.2

Description

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

A flaw was found in openstack-swift: the proxy server logs valid temporary URLs, which anyone with access to the log files could use to gain access to data. This is especially important for tempurls that are valid for extended periods, or when central logging servers are used and are accessed by operators who have no access to the Swift servers. The highest threat from this vulnerability is to confidentiality.
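A defensive check for the exposure described above, as an added example that is not Red Hat's or the Swift project's code: it scans proxy-server log lines for tempurl query parameters, classifies each logged signature by whether its expiry has passed, and redacts the signature. The function names, the sample lines and the assumption that the query string appears unencoded in the log are assumptions made here; `temp_url_sig` and `temp_url_expires` are the tempurl middleware's query parameter names.

```python
import re
import time

# Query parameters used by Swift's tempurl middleware.
SIG_RE = re.compile(r"(temp_url_sig=)([^&\s\"']+)")
EXP_RE = re.compile(r"temp_url_expires=([^&\s\"']+)")
REDACTED = "[REDACTED]"


def scan_line(line, now=None):
    """Return (redacted_line, status); status is None, "live", "expired"
    or "unknown" (expiry missing or not a Unix timestamp)."""
    if not SIG_RE.search(line):
        return line, None
    now = time.time() if now is None else now
    exp = EXP_RE.search(line)
    if exp and exp.group(1).isdigit():
        # A signature stays reusable until its expiry time has passed.
        status = "live" if int(exp.group(1)) > now else "expired"
    else:
        status = "unknown"  # treat as potentially reusable
    return SIG_RE.sub(r"\g<1>" + REDACTED, line), status


def audit(lines, now=None):
    """Redact every line and count logged signatures by status."""
    counts = {"live": 0, "expired": 0, "unknown": 0}
    cleaned = []
    for line in lines:
        redacted, status = scan_line(line, now)
        cleaned.append(redacted)
        if status:
            counts[status] += 1
    return cleaned, counts


# Constructed sample lines (not real log output); the field layout is illustrative.
SAMPLE = [
    'proxy-server: 203.0.113.5 GET /v1/AUTH_demo/c/o?temp_url_sig=da39a3ee5e6b4b0d3255bfef95601890afd80709&temp_url_expires=2000000000 200',
    'proxy-server: 203.0.113.5 GET /v1/AUTH_demo/c/o?temp_url_expires=1400000000&temp_url_sig=0123456789abcdef0123456789abcdef01234567 401',
    'proxy-server: 203.0.113.9 GET /v1/AUTH_demo/c/o2?temp_url_sig=aa11&temp_url_expires=2030-01-01T00:00:00Z 200',
    'proxy-server: 203.0.113.9 HEAD /v1/AUTH_demo/c 204',
]

if __name__ == "__main__":
    cleaned, counts = audit(SAMPLE, now=1_700_000_000)
    print(counts)
```

A non-zero "live" or "unknown" count on logs that have already been shipped to a central server means those signatures were readable by everyone with access to that server.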

Report

OpenStack Swift is no longer supported with the recent release of Red Hat Gluster Storage 3.5, hence openstack-swift will not be updated for this flaw.

Affected packages

| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss Fuse 6 | openstack-swift | Out of support scope | | |
| Red Hat OpenStack Platform 10 (Newton) | openstack-swift | Out of support scope | | |
| Red Hat OpenStack Platform 13 (Queens) | openstack-swift | Fix deferred | | |
| Red Hat OpenStack Platform 15 (Stein) | openstack-swift | Fix deferred | | |
| Red Hat OpenStack Platform 16.1 | openstack-swift | Fix deferred | | |
| Red Hat OpenStack Platform 16.2 | openstack-swift | Fix deferred | | |
| Red Hat OpenStack Platform 16 (Train) | openstack-swift | Fix deferred | | |
| Red Hat Storage 3 | openstack-swift | Out of support scope | | |

Additional information

Status: Low
Defect: CWE-532
https://bugzilla.redhat.com/show_bug.cgi?id=1850156 (openstack-swift: logs valid temporary urls which could result in access to data by anyone with access to the logfiles)

2.2 Low

CVSS3

Related vulnerabilities

CVSS3: 4.3
ubuntu
more than 4 years ago

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

CVSS3: 4.3
nvd
more than 4 years ago

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

CVSS3: 4.3
debian
more than 4 years ago

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, ...

github
more than 4 years ago

Temporary urls leaked via logging

CVSS3: 4.3
fstec
almost 9 years ago

A vulnerability in the proxy-server logs of the tempurl middleware of the Swift distributed object storage system, related to information disclosure, that allows an attacker to gain access to confidential data
