Comment 9 for bug 1265665

Proposed impact description:

Title: Swift TempURL timing attack
Reporter: Samuel Merritt (SwiftStack)
Products: Swift
Affects: All supported versions

Samuel Merritt from SwiftStack reported a timing attack vulnerability in Swift TempURL middleware. By analyzing response times to arbitrary TempURL requests, an attacker may be able to guess valid secret URLs and get access to files that were only intended to be publicly shared with specific recipients. Only Swift setups enabling the TempURL middleware are affected.