Comment 17 for bug 1685798

Jeremy Stanley (fungi) wrote : Re: Swift tempurl middleware reveals signatures in the logfiles

Thanks John and Christian! So sounds like I can privately request a CVE assignment using the revised impact description below (with reporter details corrected and taking last week's 2.14.0 release on master into account), and we can hold off scheduling publication of the advisory and patches until we hear back from Tim:

Title: Swift proxy-server logs tempurl signatures
Reporter: Bülent Topcu (Turkcell)
Products: Swift
Affects: <=2.10.1, >=2.11.0 <=2.13.0, ==2.14.0

Description:
Bülent Topcu with Turkcell reported a vulnerability in Swift. The proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
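
An added example, not part of the original comment and not Swift's own patch: a log audit for the exposure described above, which masks `temp_url_sig` values in log lines and flags which exposed signatures have not yet passed their `temp_url_expires` time. The log lines are constructed and simplified, the function names are hypothetical, and `temp_url_expires` is assumed to be an integer Unix timestamp.

```python
import re

# Query parameters used by the tempurl middleware.
SIG_RE = re.compile(r'([?&]temp_url_sig=)([^&\s"]+)')
EXP_RE = re.compile(r'[?&]temp_url_expires=([^&\s"]+)')


def redact_line(line, mask="REDACTED"):
    """Mask the signature value, leaving the rest of the line untouched."""
    return SIG_RE.sub(lambda m: m.group(1) + mask, line)


def audit(lines, now):
    """Return (line_no, expires, still_usable) for each line exposing a signature.

    A logged signature is only reusable until temp_url_expires passes, so
    unexpired entries are the ones to handle first.
    """
    findings = []
    for no, line in enumerate(lines, 1):
        if not SIG_RE.search(line):
            continue
        m = EXP_RE.search(line)
        try:
            expires = int(m.group(1)) if m else None
        except ValueError:
            expires = None  # not an integer timestamp: treat as unknown
        # Unknown expiry is reported as still usable (conservative).
        usable = expires is None or expires > now
        findings.append((no, expires, usable))
    return findings


# Constructed, simplified log lines (not real proxy-server output).
SAMPLE = [
    'GET /v1/AUTH_demo/c/o?temp_url_sig=aaaa1111&temp_url_expires=1500000000 200',
    'GET /v1/AUTH_demo/c/o2?temp_url_expires=1900000000&temp_url_sig=bbbb2222 200',
    'GET /v1/AUTH_demo/c/o3 200',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(redact_line(line))
    print(audit(SAMPLE, now=1700000000))
```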