Bug 1173631 (CVE-2017-8761)

Summary: VUL-0: CVE-2017-8761: openstack-swift: logs valid temporary urls which could result in access to data by anyone with access to the logfiles
Product: [Novell Products] SUSE Security Incidents Reporter: Wolfgang Frisch <wolfgang.frisch>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/262186/
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Wolfgang Frisch 2020-07-02 12:59:50 UTC

The proxy server will log valid temporary urls, that might be used to gain access to data by anyone with access to the logfiles. This is especially important with tempurls that are valid for extended periods and/or when using central logging servers, accessed by operators that have no access to the Swift servers.

Comment 1 Wolfgang Frisch 2020-07-02 13:01:29 UTC
>The new affect line is: >=2.11.0 <=2.13.1, >=2.14.0 <=2.15.1 
Not for us. Closing.