The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2013-03-22 14:55
Updated : 2017-08-28 18:33
NVD link : CVE-2013-1840
Mitre link : CVE-2013-1840
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
openstack
- glance
- essex
- folsom
- swift
amazon
- s3_store