CVE-2013-1840

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:openstack:glance:v1:*:*:*:*:*:*:*
OR cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
OR cpe:2.3:a:openstack:swift:-:*:*:*:*:*:*:*
cpe:2.3:a:amazon:s3_store:-:*:*:*:*:*:*:*

Information

Published : 2013-03-22 14:55

Updated : 2017-08-28 18:33


NVD link : CVE-2013-1840

Mitre link : CVE-2013-1840


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

openstack

  • glance
  • essex
  • folsom
  • swift

amazon

  • s3_store