CVE-2013-1840

Published: 22/03/2013 Updated: 29/08/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.

Vulnerable Product

openstack glance v1

Vendor Advisories

Synopsis: Moderate: openstack-glance security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated openstack-glance packages that fix one security issue and various bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having mode ...
Debian Bug report logs - #703063: CVE-2013-1840: Backend credentials leak in Glance v1 API. Package: src:glance; Maintainer for src:glance is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Thomas Goirand <zigo@debian.org>; Date: Thu, 14 Mar 2013 20:51:01 UTC; Severity: grave; Tags: security; Fixed in v ...
Glance could be made to expose sensitive information over the network ...