CVE-2013-0212
openstack-glance: Backend password leak in Glance error message
Severity Score
4.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.
store/swift.py en OpenStack Glance Essex (2012.1), Folsom (2012.2) anterior a 2012.2.3, y Grizzly, cuando el modo singe tenant en Swift, guarda el usuario Swift remoto y el password en texto plano cuando el punto remoto es mal configurado, lo que permite a usuarios remotos autenticados obtener informaciĆ³n sensible mediante la lectura de mensajes de error.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-12-06 CVE Reserved
- 2013-01-30 CVE Published
- 2022-04-24 First Exploit
- 2024-03-20 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-209: Generation of Error Message Containing Sensitive Information
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/01/29/10 | Mailing List |
|
| https://bugs.launchpad.net/glance/+bug/1098962 | X_refsource_confirm | |
| https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7 | X_refsource_confirm | |
| https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1 | X_refsource_confirm | |
| https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89 | X_refsource_confirm | |
| https://launchpad.net/glance/+milestone/2012.2.3 | X_refsource_confirm | |
| https://lists.launchpad.net/openstack/msg20517.html | Mailing List |
| URL | Date | SRC |
|---|---|---|
| https://github.com/LogSec/CVE-2013-0212 | 2022-04-24 |
| URL | Date | SRC |
|---|---|---|
| http://ubuntu.com/usn/usn-1710-1 | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=902964 | 2013-01-30 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0209.html | 2023-02-13 | |
| http://secunia.com/advisories/51957 | 2023-02-13 | |
| http://secunia.com/advisories/51990 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2013-0212 | 2013-01-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openstack Search vendor "Openstack" | Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" | 2012.1 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version "2012.1" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" | 2012.2 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version "2012.2" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" | 2012.2.1 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version "2012.2.1" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" | 2012.2.2 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version "2012.2.2" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 11.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "11.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.10" | - |
Affected
| ||||||