Comment 18 for bug 1453948
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: all PUT tempurls leak existence via DLO manifest attack | #18 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
@notmyname, would it makes sense to solve both bug 1453948 and bug 1449212 with a single OSSA/CVE ? If so, would that updated impact description good enough to cover both cases ?
Title: Information leak via Swift tempurls
Reporter: Richard Hawkins (Rackspace)
Products: Swift
Affects: versions through 2.2.0, and 2.2.1 versions through 2.3.0
Description:
Richard Hawkins from Rackspace reported a vulnerability in Swift tempurls. When in possession of a tempurl key for a Swift container, a malicious actor may retrieve objects within any other containers for the same Swift account (tenant). All Swift setup are affected.