Information disclosure in Openstack Image_registry_and_delivery_service_(glance)
CVE-2013-0212
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable…
Vulnerability class: Information Disclosure
EPSS: 0.011 (78.8th percentile)
Affected products
- Openstack Image_registry_and_delivery_service_(glance) — versions 2012.1, 2012.2, 2012.2.1
- Canonical Ubuntu_linux — versions 11.10, 12.04, 12.10
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (x_refsource_CONFIRM)
- [openstack] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212) (mailing-list, x_refsource_MLIST)
- USN-1710-1 (x_refsource_UBUNTU, vendor-advisory, Patch)
- [oss-security] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212) (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (Patch, x_refsource_MISC)
- RHSA-2013:0209 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- 51990 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2013-0212?
- CVE-2013-0212 is a vulnerability in Openstack Image_registry_and_delivery_service_(glance), classified under Information Disclosure. Published 2013-02-24.
- Is CVE-2013-0212 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.