{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-02T13:45:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://launchpad.net/bugs/1685798"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8761", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.net/bugs/1685798", "refsource": "MISC", "url": "https://launchpad.net/bugs/1685798"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:48:22.443Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.net/bugs/1685798"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8761", "datePublished": "2021-06-02T13:45:46", "dateReserved": "2017-05-03T00:00:00", "dateUpdated": "2024-08-05T16:48:22.443Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "matchCriteriaId": "65898588-B51B-4705-AC87-B287ED51710E", "versionEndIncluding": "2.10.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB647119-891D-4DEB-964C-FD41C012C87A", "versionEndIncluding": "2.13.0", "versionStartIncluding": "2.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:swift:2.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "65B68489-C6F2-4BF1-B5CC-4257615C2CCD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected."}, {"lang": "es", "value": "En OpenStack Swift versiones hasta 2.10.1, versiones 2.11.0 hasta 2.13.0 y la versi\u00f3n 2.14.0, el servidor proxy registra las rutas tempurl completas, potencialmente filtrando firmas tempurl reutilizables a cualquiera que tenga acceso a estos registros. Todas las implantaciones de Swift que usen el middleware tempurl est\u00e1n afectadas"}], "id": "CVE-2017-8761", "lastModified": "2024-11-21T03:34:38.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-02T14:15:07.753", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1685798"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1685798"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "openstack-swift: logs valid temporary urls which could result in access to data by anyone with access to the logfiles", "id": "1850156", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850156"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-532", "details": ["In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.", "A flaw was found in openstack-swift, where the proxy server logs valid temporary URLs, that might be used to gain access to data by anyone with access to the logfiles. This is especially important with tempurls that are valid for extended periods or when using central logging servers, accessed by operators that have no access to the Swift servers. The highest threat from this vulnerability is to confidentiality."], "name": "CVE-2017-8761", "package_state": [{"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "openstack-swift", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "package_name": "openstack-swift", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Fix deferred", "package_name": "openstack-swift", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:15", "fix_state": "Fix deferred", "package_name": "openstack-swift", "product_name": "Red Hat OpenStack Platform 15 (Stein)"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Fix deferred", "package_name": "openstack-swift", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Fix deferred", "package_name": "openstack-swift", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16", "fix_state": "Fix deferred", "package_name": "openstack-swift", "product_name": "Red Hat OpenStack Platform 16 (Train)"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Out of support scope", "package_name": "openstack-swift", "product_name": "Red Hat Storage 3"}], "public_date": "2020-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-8761\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8761\nhttps://bugs.launchpad.net/swift/+bug/1685798"], "statement": "Openstack Swift is no longer supported with the recent release of Red Hat Gluster Storage 3.5, hence openstack-swift will not be updated for this flaw.", "threat_severity": "Low"}