OSSA-2013-002: Backend password leak in Glance error message

Date:January 29, 2013
CVE:CVE-2013-0212

Affects

  • Glance: All versions

Description

Dan Prince of Red Hat discovered an issue in Glance error reporting. By creating an image in Glance by URL that references a mis-configured Swift endpoint, or if the Swift endpoint that a previously-ACTIVE image references for any reason becomes unusable, an authenticated user may access the Glance operator’s Swift credentials for that endpoint. Only setups that use the single-tenant Swift store are affected.

Credits

  • Dan Prince from Red Hat (CVE-2013-0212)

Table Of Contents

Previous topic

OSSA-2013-001: Boot from volume allows access to random volumes

Next topic

OSSA-2013-003: Keystone denial of service through invalid token requests

This Page

Navigation

© Copyright 2018, OpenStack Vulnerability Management Team. Freely licensed under CC BY 3.0. Propose changes to the ossa git repo. Last updated on 'Sun Sep 9 15:21:37 2018, commit 1a614a5'. Created using Sphinx 1.2.3.