Bug 1173631 (CVE-2017-8761)

Summary: VUL-0: CVE-2017-8761: openstack-swift: logs valid temporary urls which could result in access to data by anyone with access to the logfiles
Product: [Novell Products] SUSE Security Incidents
Reporter: Wolfgang Frisch <wolfgang.frisch>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/262186/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Wolfgang Frisch 2020-07-02 12:59:50 UTC
CVE-2017-8761

The proxy server will log valid temporary URLs that might be used to gain access to data by anyone with access to the logfiles. This is especially important with tempurls that are valid for extended periods and/or when using central logging servers accessed by operators who have no access to the Swift servers.

References:
https://bugs.launchpad.net/swift/+bug/1685798
https://bugzilla.redhat.com/show_bug.cgi?id=1850156
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8761
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8761.html
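
A log-scrubbing check for the exposure described above, as an added example that is not part of the bug report or Swift's own code: it redacts `temp_url_sig` values before lines are forwarded to a central log server and reports which logged temporary URLs had not yet expired. The `/v1/` path prefix, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Swift tempurl query parameters: the signature is the bearer secret,
# the expiry tells us whether a leaked URL can still be replayed.
SIG_RE = re.compile(r"(temp_url_sig=)[^&\s\"']+")
EXPIRES_RE = re.compile(r"temp_url_expires=([^&\s\"']+)")
# Assumption: logged request paths start with /v1/ and contain no spaces.
URL_RE = re.compile(r"/v1/[^\s\"']*temp_url_sig=[^\s\"']*")


def still_valid(url, now):
    """True if the tempurl in `url` has not expired at epoch time `now`.

    An expiry that is missing or not a plain integer is treated as
    still valid, so the check fails closed.
    """
    m = EXPIRES_RE.search(url)
    if not m or not m.group(1).isdecimal():
        return True
    return int(m.group(1)) > now


def scrub(lines, now):
    """Redact tempurl signatures; return (clean_lines, exposed_paths)."""
    clean, exposed = [], []
    for line in lines:
        for url in URL_RE.findall(line):
            if still_valid(url, now):
                exposed.append(url.split("?", 1)[0])
        clean.append(SIG_RE.sub(r"\1[REDACTED]", line))
    return clean, exposed


# Constructed sample lines (not real Swift proxy log output).
SAMPLE = [
    "proxy-server: 10.0.0.5 GET /v1/AUTH_demo/c/report.pdf?temp_url_sig=aaaa1111&temp_url_expires=2000000000 200",
    "proxy-server: 10.0.0.6 GET /v1/AUTH_demo/c/old.txt?temp_url_expires=1000000000&temp_url_sig=bbbb2222 200",
    "proxy-server: 10.0.0.7 GET /v1/AUTH_demo/c/plain.txt 200",
]

if __name__ == "__main__":
    clean, exposed = scrub(SAMPLE, now=1_600_000_000)
    print("\n".join(clean))
    print("logged while still valid:", exposed)
```

Objects listed in `exposed_paths` were logged with a signature that could still be replayed at the time of the check.
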
Comment 1 Wolfgang Frisch 2020-07-02 13:01:29 UTC
>The new affect line is: >=2.11.0 <=2.13.1, >=2.14.0 <=2.15.1 
Not for us. Closing.