Information Disclosure in OpenStack Glance by Vendor OpenStack
CVE-2013-1840
Currently unrated
Summary
The v1 API in OpenStack Glance for the Essex, Folsom, and Grizzly releases can reveal the operator's backend credentials when a single-tenant Swift or S3 store is in use. The disclosure happens through a request for a cached image, which exposes this sensitive information to authenticated remote users. To mitigate the issue, secure the API so that sensitive location fields are not disclosed.
References
Timeline
Vulnerability published
Vulnerability Reserved