CVE-2013-0212

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.
Severity
UNKNOWN
AV:N/AC:L/Au:S/C:P/I:N/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
openstackimage_registry_and_delivery_service_\(glance\)
2012.1
openstackimage_registry_and_delivery_service_\(glance\)
2012.2
openstackimage_registry_and_delivery_service_\(glance\)
2012.2.1
openstackimage_registry_and_delivery_service_\(glance\)
2012.2.2
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glance
bullseye
2:21.0.0-2+deb11u1
fixed
bullseye (security)
2:21.1.0-1+deb11u2
fixed
bookworm
2:25.1.0-2+deb12u1
fixed
bookworm (security)
2:25.1.0-2+deb12u1
fixed
sid
2:29.0.0-1
fixed
trixie
2:29.0.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glance
quantal
Fixed 2012.2.1-0ubuntu1.1
released
precise
Fixed 2012.1.3+stable~20120821-120fcf-0ubuntu1.3
released
oneiric
Fixed 2011.3-0ubuntu4.2
released
lucid
dne
hardy
dne