Lucene search

[email protected]CVE-2013-1840

HistoryMar 22, 2013 - 9:55 p.m.

CVE-2013-1840

2013-03-2221:55:01

CWE-200

[email protected]

web.nvd.nist.gov

cve-2013-1840

openstack

glance

api

security vulnerability

credentials exposure

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.9%

JSON

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator’s backend credentials via a request for a cached image.

Affected configurations

NVD

Node

openstackglanceMatchv1

AND

openstackessexMatch2012.1

openstackfolsomMatch2012.2

AND

amazons3_storeMatch-

openstackswiftMatch-

CPENameOperatorVersion
openstack:glanceopenstack glanceeqv1

CPE	Name	Operator	Version
openstack:glance	openstack glance	eq	v1

References

osvdb.org/91304

rhn.redhat.com/errata/RHSA-2013-0707.html

secunia.com/advisories/52565

www.openwall.com/lists/oss-security/2013/03/14/15

www.securityfocus.com/bid/58490

www.ubuntu.com/usn/USN-1764-1

bugs.launchpad.net/glance/+bug/1135541

exchange.xforce.ibmcloud.com/vulnerabilities/82878

review.openstack.org/#/c/24437/

review.openstack.org/#/c/24438/

review.openstack.org/#/c/24439/

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.9%

JSON

Related for CVE-2013-1840

ubuntu1 openvas2 veracode1 prion1 ubuntucve1 github1 nessus2 cvelist1 debiancve1 securityvulns2 nvd1 redhat1