CVE-2013-1840

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:openstack:glance:v1:*:*:*:*:*:*:*
OR cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
OR cpe:2.3:a:amazon:s3_store:-:*:*:*:*:*:*:*
cpe:2.3:a:openstack:swift:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-03-22 21:55

Updated : 2023-12-10 11:16


NVD link : CVE-2013-1840

Mitre link : CVE-2013-1840

CVE.ORG link : CVE-2013-1840


JSON object : View

Products Affected

amazon

  • s3_store

openstack

  • glance
  • swift
  • folsom
  • essex
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor