269 matches found
openstack-glance: Glance Swift store backend password leak
OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading th...
CVE-2014-1948
OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading th...
DEBIAN-CVE-2014-1948
OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading th...
CVE-2014-1948
OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading th...
CVE-2014-1948
OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading th...
Fedora 20 : openstack-glance-2013.2.1-1.fc20 (2013-23680)
Update to Havana stable release 2013.2.1 Fixes 956815 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
DEBIAN-CVE-2013-4354
The API before 2.1 in OpenStack Image Registry and Delivery Service Glance makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image...
Design/Logic Flaw
The API before 2.1 in OpenStack Image Registry and Delivery Service Glance makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image...
CVE-2013-4354
The API before 2.1 in OpenStack Image Registry and Delivery Service Glance makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image...
Fedora 19 : openstack-glance-2013.1.4-2.fc19 (2013-19997)
Fixes 956815 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Network...
Fedora Update for openstack-glance FEDORA-2013-19997
Check for the Version of openstack-glance OpenVAS Vulnerability Test Fedora Update for openstack-glance FEDORA-2013-19997 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for openstack-glance FEDORA-2013-19997
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: openstack-glance security and bug fix update
Updated openstack-glance packages that fix one security issue and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Fedora Update for python-glanceclient FEDORA-2013-14814
Check for the Version of python-glanceclient OpenVAS Vulnerability Test Fedora Update for python-glanceclient FEDORA-2013-14814 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/...
Fedora 20 : openstack-glance-2013.2-1.fc20 (2013-19519)
Havana GA Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Network...
DEBIAN-CVE-2013-4428
OpenStack Image Registry and Delivery Service Glance Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the downloadimage policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image...
USN-2004-1: python-glanceclient vulnerability
Thomas Leaman discovered that the Python client library for Glance did not properly verify SSL certificates. A remote attacker could exploit this to perform a machine-in-the-middle attack...
Moderate: Red Hat Security Advisory: openstack-glance security and bug fix update
Updated openstack-glance packages that fix one security issue and various bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Glance: Backend credentials leak in Glance v1 API
The v1 API in OpenStack Glance Essex 2012.1, Folsom 2012.2, and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image...
CVE-2013-1840
The v1 API in OpenStack Glance Essex 2012.1, Folsom 2012.2, and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image...