Please review the proposed impact description for a Swift advisory (assuming the solution in the attached patches will also work for supported stable/newton and stable/ocata branches), and let me know what needs to be clarified or corrected:
Title: Swift proxy-server logs tempurl signatures
Reporter: Christian Schwede (Red Hat)
Products: Swift
Affects: <=2.10.1, >=2.11.0 <=2.13.0
Description:
Christian Schwede with Red Hat reported a vulnerability in Swift. The proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
Please review the proposed impact description for a Swift advisory (assuming the solution in the attached patches will also work for supported stable/newton and stable/ocata branches), and let me know what needs to be clarified or corrected:
Title: Swift proxy-server logs tempurl signatures
Reporter: Christian Schwede (Red Hat)
Products: Swift
Affects: <=2.10.1, >=2.11.0 <=2.13.0
Description:
Christian Schwede with Red Hat reported a vulnerability in Swift. The proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.