CVE-2013-1840

CWE-200 — Information Exposure CWE-2019 documents8 sources

Severity

3.5LOW

EPSS

0.3%

top 43.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Glance

Timeline

PublishedMar 22

Latest updateMay 17

Description

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶NVDopenstack/glancev1

▶PyPIglance< 11.0.0a0

▶Debianglance< 2012.1.1-5+3

🔴Vulnerability Details

OSV

OpenStack Glance is vulnerable to Exposure of Sensitive Information↗2022-05-17

▶

GHSA

OpenStack Glance is vulnerable to Exposure of Sensitive Information↗2022-05-17

▶

CVEList

CVE-2013-1840: The v1 API in OpenStack Glance Essex (2012↗2013-03-22

▶

OSV

CVE-2013-1840: The v1 API in OpenStack Glance Essex (2012↗2013-03-22

▶

📋Vendor Advisories

Red Hat

CVE-2013-1840: The v1 API in OpenStack Glance Essex (2012↗2013-03-22

▶

Ubuntu

OpenStack Glance vulnerability↗2013-03-14

▶

Debian

CVE-2013-1840: glance - The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, whe...↗2013

▶

💬Community

Bugzilla

CVE-2013-1840 OpenStack Glance: Backend credentials leak in Glance v1 API↗2013-03-12

▶