CVE-2013-0212: Sensitive Information Exposure in Project Glance

Severity: 4.0 MEDIUM (NVD)
EPSS: 1.2% (top 21.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 24, Latest update May 5

Description

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, which allows remote authenticated users to obtain sensitive information by reading the error messages.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 8.0 | Impact: 2.9

Affected Packages (3 packages)

PyPI: glance_project/glance 2012.1 2012.2.3
Debian: glance_project/glance < 2012.1.1-4+3

Also affects: Ubuntu Linux 11.10, 12.04, 12.10

Patches

🔴 Vulnerability Details (4)

GHSA: OpenStack Glance logs user name and password in cleartext (2022-05-05)
OSV: OpenStack Glance logs user name and password in cleartext (2022-05-05)
OSV: CVE-2013-0212: store/swift (2013-02-24)
CVEList: CVE-2013-0212: store/swift (2013-02-24)

📋 Vendor Advisories (3)

Ubuntu: OpenStack Glance vulnerability (2013-01-29)
Red Hat: openstack-glance: Backend password leak in Glance error message (2013-01-29)
Debian: CVE-2013-0212: glance - store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2... (2013)

💬 Community (1)

Bugzilla: CVE-2013-0212 openstack-glance: Backend password leak in Glance error message (2013-01-22)
CVE-2013-0212 — Sensitive Information Exposure | cvebase