CVE-2013-0212

Published: Feb 24, 2013Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.

Affected (7)

Products: Openstack: Image Registry And Delivery Service (glance) · Canonical: Ubuntu Linux

1 product

Image Registry And Delivery Service (glance)

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Openstack Image Registry And Delivery Service (glance)	Version 2012.1
Openstack Image Registry And Delivery Service (glance)	Version 2012.2.1
Openstack Image Registry And Delivery Service (glance)	Version 2012.2.2
Openstack Image Registry And Delivery Service (glance)	Version 2012.2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 11.10
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (24)

http://rhn.redhat.com/errata/RHSA-2013-0209.html

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/51957

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/51990

Source: secalert@redhat.com

Vendor Advisory

http://ubuntu.com/usn/usn-1710-1

Source: secalert@redhat.com

Patch

http://www.openwall.com/lists/oss-security/2013/01/29/10

Source: secalert@redhat.com

https://bugs.launchpad.net/glance/+bug/1098962

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=902964

Source: secalert@redhat.com

Patch

https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7

Source: secalert@redhat.com

https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1

Source: secalert@redhat.com

https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89

Source: secalert@redhat.com

https://launchpad.net/glance/+milestone/2012.2.3

Source: secalert@redhat.com

https://lists.launchpad.net/openstack/msg20517.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0209.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/51957

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/51990

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://ubuntu.com/usn/usn-1710-1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.openwall.com/lists/oss-security/2013/01/29/10

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/glance/+bug/1098962

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=902964

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89

Source: af854a3a-2127-422b-91ae-364da2661108

https://launchpad.net/glance/+milestone/2012.2.3

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.launchpad.net/openstack/msg20517.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.