Comment 22 for bug 1453948
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: all PUT tempurls leak existence via DLO manifest attack | #22 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Thanks John.
Adding affiliation back to description:
Title: Information leak via Swift tempurls
Reporter: Richard Hawkins (Rackspace) and Swift core reviewers
Products: Swift
Affects: versions through 2.3.0
Description:
Richard Hawkins from Rackspace and Swift core reviewers reported a vulnerability in Swift tempurls. When in possession of a tempurl key authorized for PUT, a malicious actor may retrieve other objects in the same Swift account (tenant). All Swift setup are affected.