In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | swift | < 2.17.0-2 | swift_2.17.0-2_all.deb |
Debian | 11 | all | swift | < 2.17.0-2 | swift_2.17.0-2_all.deb |
Debian | 10 | all | swift | < 2.17.0-2 | swift_2.17.0-2_all.deb |
Debian | 999 | all | swift | < 2.17.0-2 | swift_2.17.0-2_all.deb |
Debian | 13 | all | swift | < 2.17.0-2 | swift_2.17.0-2_all.deb |