Comment 21 for bug 1453948
Revision history for this message
| John Dickinson (notmyname) wrote Re: all PUT tempurls leak existence via DLO manifest attack | #21 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
Updated report description:
Title: Information leak via Swift tempurls
Reporter: Richard Hawkins and Swift core reviewers
Products: Swift
Affects: versions through 2.3.0
Description:
Richard Hawkins and Swift core reviewers reported a vulnerability in Swift tempurls. When in possession of a tempurl key authorized for PUT, a malicious actor may retrieve other objects in the same Swift account (tenant). All Swift setup are affected.