CVE-2013-1840

Published: 14 March 2013

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.

Priority

Medium

Status

Package Release Status
glance
Launchpad, Ubuntu, Debian
Upstream Pending
(2013.1~rc1)