Vulnerability Details CVE-2017-8761
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.8%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
Products affected by CVE-2017-8761
-
cpe:2.3:a:openstack:swift:-
-
cpe:2.3:a:openstack:swift:1.0.0
-
cpe:2.3:a:openstack:swift:1.0.1
-
cpe:2.3:a:openstack:swift:1.0.2
-
cpe:2.3:a:openstack:swift:1.1.0
-
cpe:2.3:a:openstack:swift:1.10.0
-
cpe:2.3:a:openstack:swift:1.11.0
-
cpe:2.3:a:openstack:swift:1.12.0
-
cpe:2.3:a:openstack:swift:1.13.0
-
cpe:2.3:a:openstack:swift:1.13.1
-
cpe:2.3:a:openstack:swift:1.2.0
-
cpe:2.3:a:openstack:swift:1.3.0
-
cpe:2.3:a:openstack:swift:1.4.0
-
cpe:2.3:a:openstack:swift:1.4.1
-
cpe:2.3:a:openstack:swift:1.4.2
-
cpe:2.3:a:openstack:swift:1.4.3
-
cpe:2.3:a:openstack:swift:1.4.4
-
cpe:2.3:a:openstack:swift:1.4.5
-
cpe:2.3:a:openstack:swift:1.4.6
-
cpe:2.3:a:openstack:swift:1.4.7
-
cpe:2.3:a:openstack:swift:1.4.8
-
cpe:2.3:a:openstack:swift:1.5.0
-
cpe:2.3:a:openstack:swift:1.6.0
-
cpe:2.3:a:openstack:swift:1.7.0
-
cpe:2.3:a:openstack:swift:1.7.2
-
cpe:2.3:a:openstack:swift:1.7.4
-
cpe:2.3:a:openstack:swift:1.7.5
-
cpe:2.3:a:openstack:swift:1.7.6
-
cpe:2.3:a:openstack:swift:1.8.0
-
cpe:2.3:a:openstack:swift:1.9.0
-
cpe:2.3:a:openstack:swift:1.9.1
-
cpe:2.3:a:openstack:swift:1.9.2
-
cpe:2.3:a:openstack:swift:2.0.0
-
cpe:2.3:a:openstack:swift:2.1.0
-
cpe:2.3:a:openstack:swift:2.10.0
-
cpe:2.3:a:openstack:swift:2.10.1
-
cpe:2.3:a:openstack:swift:2.11.0
-
cpe:2.3:a:openstack:swift:2.12.0
-
cpe:2.3:a:openstack:swift:2.13.0
-
cpe:2.3:a:openstack:swift:2.14.0
-
cpe:2.3:a:openstack:swift:2.2.0
-
cpe:2.3:a:openstack:swift:2.2.1
-
cpe:2.3:a:openstack:swift:2.2.2
-
cpe:2.3:a:openstack:swift:2.3.0
-
cpe:2.3:a:openstack:swift:2.4.0
-
cpe:2.3:a:openstack:swift:2.5.0
-
cpe:2.3:a:openstack:swift:2.6.0
-
cpe:2.3:a:openstack:swift:2.7.0
-
cpe:2.3:a:openstack:swift:2.7.1
-
cpe:2.3:a:openstack:swift:2.8.0
-
cpe:2.3:a:openstack:swift:2.9.0