Comment 12 for bug 1685798

Jeremy Stanley (fungi) wrote : Re: Swift tempurl middleware reveals signatures in the logfiles

Please review the proposed impact description for a Swift advisory (assuming the solution in the attached patches will also work for supported stable/newton and stable/ocata branches), and let me know what needs to be clarified or corrected:

Title: Swift proxy-server logs tempurl signatures
Reporter: Christian Schwede (Red Hat)
Products: Swift
Affects: <=2.10.1, >=2.11.0 <=2.13.0

Description:
Christian Schwede with Red Hat reported a vulnerability in Swift. The proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
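
An added example, not part of the original comment or of the attached Swift patches: a filter for proxy-server logs that were already written, which truncates every `temp_url_sig` value and flags lines whose `temp_url_expires` is still in the future, since those signatures remain reusable. The log lines are constructed samples, and the function names and the number of characters kept are assumptions.

```python
import re
import time

# Query parameters used by Swift's tempurl middleware.
SIG_RE = re.compile(r"(temp_url_sig=)([0-9A-Za-z%:+/=_-]+)")
# Only a plain Unix timestamp is parsed; any other expiry format falls through.
EXP_RE = re.compile(r"temp_url_expires=(\d+)(?=&|\s|$)")

KEEP = 4  # assumption: leading characters kept so log lines can still be correlated


def redact_line(line, keep=KEEP):
    """Return the line with every tempurl signature truncated."""
    return SIG_RE.sub(lambda m: m.group(1) + m.group(2)[:keep] + "...", line)


def still_valid(line, now=None):
    """True if the line carries a signature whose expiry is in the future."""
    now = time.time() if now is None else now
    if not SIG_RE.search(line):
        return False
    exp = EXP_RE.search(line)
    # No parseable Unix expiry: treat as potentially live so it gets reviewed.
    return exp is None or int(exp.group(1)) > now


def scan(lines, now=None):
    """Redact all lines; return (redacted_lines, indexes_of_live_signatures)."""
    redacted, live = [], []
    for i, line in enumerate(lines):
        if still_valid(line, now):
            live.append(i)
        redacted.append(redact_line(line))
    return redacted, live


# Constructed sample log lines (not real proxy-server output).
SAMPLE = [
    "proxy-server: GET /v1/AUTH_test/c/o?temp_url_sig=da39a3ee5e6b4b0d&temp_url_expires=1500000000 200",
    "proxy-server: GET /v1/AUTH_test/c/o?temp_url_expires=4000000000&temp_url_sig=0123456789abcdef 200",
    "proxy-server: GET /v1/AUTH_test/c/o 200",
]

if __name__ == "__main__":
    out, live = scan(SAMPLE, now=1600000000)
    print("\n".join(out))
    print("lines with unexpired signatures:", live)
```

Lines reported as live identify tempurls that anyone with read access to the logs could still replay, so they are the ones to prioritize when deciding whether to rotate the tempurl key.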