Bug 1173631 - (CVE-2017-8761) VUL-0: CVE-2017-8761: openstack-swift: logs valid temporary urls which could result in access to data by anyone with access to the logfiles
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/262186/
Reported: 2020-07-02 12:59 UTC by Wolfgang Frisch
Modified: 2020-07-02 13:01 UTC
Found By: Security Response Team
Description Wolfgang Frisch 2020-07-02 12:59:50 UTC
CVE-2017-8761

The proxy server will log valid temporary URLs that might be used to gain access to data by anyone with access to the log files. This is especially important with tempurls that are valid for extended periods and/or when using central logging servers, accessed by operators that have no access to the Swift servers.

References:
https://bugs.launchpad.net/swift/+bug/1685798
https://bugzilla.redhat.com/show_bug.cgi?id=1850156
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8761
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8761.html
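
An added example, not part of the original report and not Swift's own code: a Python sketch that audits proxy log lines for logged temporary URLs, truncates the signature, and flags entries whose expiry was still in the future at audit time. The log line layout, the `KEEP` prefix length and all sample values are constructed assumptions; only the `temp_url_sig` and `temp_url_expires` parameter names come from Swift's tempurl middleware.

```python
import re

# Swift tempurl query parameters: temp_url_sig is the HMAC, temp_url_expires the expiry.
SIG_RE = re.compile(r"(temp_url_sig=)([0-9A-Za-z:+/=_%-]+)")
EXP_RE = re.compile(r"temp_url_expires=(\d+)")
KEEP = 4  # leading signature characters kept for log correlation (assumption)


def redact(line):
    """Return the line with every temp_url_sig value truncated to KEEP chars."""
    return SIG_RE.sub(lambda m: m.group(1) + m.group(2)[:KEEP] + "...", line)


def audit(lines, now):
    """Return (redacted_lines, exposed). `exposed` holds the 1-based numbers of
    lines whose logged tempurl had not yet expired at `now` (Unix seconds)."""
    redacted, exposed = [], []
    for n, line in enumerate(lines, 1):
        if SIG_RE.search(line):
            exp = EXP_RE.search(line)
            # No integer expiry found: treat the URL as still valid (conservative).
            if exp is None or int(exp.group(1)) > now:
                exposed.append(n)
        redacted.append(redact(line))
    return redacted, exposed


# Constructed sample log lines (hypothetical format, placeholder signatures).
SAMPLE = [
    "proxy-server: 192.0.2.10 GET /v1/AUTH_demo/c/o1"
    "?temp_url_sig=da39a3ee5e6b4b0d3255bfef95601890afd80709"
    "&temp_url_expires=1500000000 200",
    "proxy-server: 192.0.2.11 GET /v1/AUTH_demo/c/o2"
    "?temp_url_sig=0123456789abcdef0123456789abcdef01234567"
    "&temp_url_expires=1900000000 200",
    "proxy-server: 192.0.2.12 GET /v1/AUTH_demo/c/o3 200",
]

if __name__ == "__main__":
    cleaned, live = audit(SAMPLE, now=1600000000)
    for entry in cleaned:
        print(entry)
    print("lines with unexpired tempurls:", live)
```

Lines reported as exposed identify temporary URLs that anyone with read access to the original log could still have replayed; the redacted output is what is safe to forward to a central log server.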
Comment 1 Wolfgang Frisch 2020-07-02 13:01:29 UTC
>The new affect line is: >=2.11.0 <=2.13.1, >=2.14.0 <=2.15.1 
Not for us. Closing.