CVE-2017-8761
Temporary urls leaked via logging
4.3
MEDIUM
CVSS 3.1
EPSS 0.17%
Description
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
How to fix CVE-2017-8761
To remediate CVE-2017-8761, upgrade the affected package to a fixed version below.
- —upgrade to 2.17.0-2 or later
- —upgrade to 2.15.2 or later
Is CVE-2017-8761 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.17.0-2
- from 0, < 2.15.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |