OSSA-2013-002: Backend password leak in Glance error message

OSSA-2013-002: Backend password leak in Glance error message¶

Date:: January 29, 2013
CVE:: CVE-2013-0212

Affects¶

Glance: All versions

Description¶

Dan Prince of Red Hat discovered an issue in Glance error reporting. By creating an image in Glance by URL that references a mis-configured Swift endpoint, or if the Swift endpoint that a previously-ACTIVE image references for any reason becomes unusable, an authenticated user may access the Glance operator’s Swift credentials for that endpoint. Only setups that use the single-tenant Swift store are affected.

Patches¶

https://review.openstack.org/#/c/20697 (Essex)
https://review.openstack.org/#/c/20696 (Folsom)
https://review.openstack.org/#/c/20695 (Grizzly)

Credits¶

Dan Prince from Red Hat (CVE-2013-0212)

References¶

this page last updated: 2022-06-02 16:08:24

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.