CVE-2013-1840
published 2013-03-22CVE-2013-1840: The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which…
low3.5CVSS 3.1
AVNACMAuSCPINAN
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glance | < glance 2012.1.1-5 (bookworm) | glance 2012.1.1-5 (bookworm) |
| glance_project | glance | >= 0 < 2012.1.1-5 | 2012.1.1-5 |
| glance_project | glance | >= 0 < 2012.1.1-5 | 2012.1.1-5 |
| glance_project | glance | >= 0 < 2012.1.1-5 | 2012.1.1-5 |
| glance_project | glance | >= 0 < 2012.1.1-5 | 2012.1.1-5 |
| glance_project | glance | >= 0 < 11.0.0a0 | 11.0.0a0 |
| openstack | glance | — | — |
CVSS provenance
nvd3.5LOWAV:N/AC:M/Au:S/C:P/I:N/A:N
osv3.5LOW