CVE-2017-8761
Description
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OpenStack Swift proxy-server logs full tempurl paths, leaking signatures to log readers, allowing unauthorized data access.
Vulnerability
In OpenStack Swift, the proxy-server logs complete temporary URL (tempurl) paths, including the signatures that authenticate access. This affects all versions through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0 that use the tempurl middleware [1]. The signatures are reusable if they have not expired.
Exploitation
An attacker needs read access to the proxy-server logs to extract the full tempurl paths containing signatures. This can be achieved through log file exposure, log aggregation systems, or insider access. With the signature, the attacker can then access the resource protected by that tempurl without further authentication [2].
Impact
Successful exploitation allows unauthorized access to data protected by tempurls. If the tempurl has a long validity period, the attacker may repeatedly access the resource. This compromises the confidentiality of the stored data.
Mitigation
The vulnerability is fixed in Swift version 2.15.0 and later [2]. Users should upgrade to the latest supported release. As a temporary workaround, restrict access to proxy-server logs and use short-lived tempurls to limit the window of exposure.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
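A log audit to accompany the workaround above, as an added example that is not part of the original page or of Swift's code: it redacts `temp_url_sig` values from proxy-server log lines and flags the ones whose `temp_url_expires` is still in the future, since those signatures remain usable. The sample log lines and their layout are constructed assumptions; only the `temp_url_sig` and `temp_url_expires` query parameter names come from the tempurl middleware.

```python
import re
from datetime import datetime, timezone

# Query parameters carried by a Swift tempurl.
SIG_RE = re.compile(r'(temp_url_sig=)[^&\s"]+')
EXP_RE = re.compile(r'temp_url_expires=([^&\s"]+)')

# Constructed sample lines (assumed layout, fake signatures).
SAMPLE = [
    'proxy-server: 203.0.113.7 GET /v1/AUTH_demo/c/o1'
    '?temp_url_sig=aaaa1111aaaa1111&temp_url_expires=1500000000 200',
    'proxy-server: 203.0.113.9 GET /v1/AUTH_demo/c/o2'
    '?temp_url_expires=1900000000&temp_url_sig=bbbb2222bbbb2222 200',
    'proxy-server: 203.0.113.9 GET /v1/AUTH_demo/c/o3 200',
]

def audit_line(line, now):
    """Return (redacted_line, status); status is None, 'expired' or 'live'."""
    if not SIG_RE.search(line):
        return line, None
    redacted = SIG_RE.sub(r'\1[REDACTED]', line)
    match = EXP_RE.search(line)
    # A missing or non-numeric expiry is treated as live (the safe default).
    if match and match.group(1).isdigit():
        expiry = datetime.fromtimestamp(int(match.group(1)), tz=timezone.utc)
        return redacted, 'expired' if expiry <= now else 'live'
    return redacted, 'live'

def audit(lines, now=None):
    """Return (all lines redacted, redacted lines whose signature is still live)."""
    now = now or datetime.now(timezone.utc)
    results = [audit_line(line, now) for line in lines]
    return [r for r, _ in results], [r for r, s in results if s == 'live']

if __name__ == '__main__':
    redacted, live = audit(SAMPLE)
    for line in live:
        print('LIVE SIGNATURE WAS LOGGED:', line)
```

Objects named in the flagged lines are the ones to prioritise when deciding which tempurls to invalidate.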
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| swift (PyPI) | < 2.15.2 | 2.15.2 |
Affected products
- OpenStack/Swift
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-8fxc-qm65-vpxg (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-8761 (GHSA, advisory)
- bugs.launchpad.net/swift/+bug/1685798/comments/18 (GHSA, web)
- launchpad.net/bugs/1685798 (GHSA, x_refsource_MISC, web)