cvelistv5 - cve-2013-0212

CVE-2013-0212 (GCVE-0-2013-0212)

Vulnerability from cvelistv5

Published

2013-02-24 21:00

Modified

2024-08-06 14:18

Severity ?

CWE

Summary

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.

References

►

URL

Tags

secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-0209.html	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/51957	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/51990	Vendor Advisory
secalert@redhat.com	http://ubuntu.com/usn/usn-1710-1	Patch
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/01/29/10
secalert@redhat.com	https://bugs.launchpad.net/glance/+bug/1098962
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=902964	Patch
secalert@redhat.com	https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7
secalert@redhat.com	https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1
secalert@redhat.com	https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89
secalert@redhat.com	https://launchpad.net/glance/+milestone/2012.2.3
secalert@redhat.com	https://lists.launchpad.net/openstack/msg20517.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0209.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51957	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51990	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://ubuntu.com/usn/usn-1710-1	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/01/29/10
af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/glance/+bug/1098962
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=902964	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.net/glance/+milestone/2012.2.3
af854a3a-2127-422b-91ae-364da2661108	https://lists.launchpad.net/openstack/msg20517.html

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
          },
          {
            "name": "[openstack] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.launchpad.net/openstack/msg20517.html"
          },
          {
            "name": "USN-1710-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1710-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/glance/+bug/1098962"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/glance/+milestone/2012.2.3"
          },
          {
            "name": "[oss-security] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
          },
          {
            "name": "RHSA-2013:0209",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
          },
          {
            "name": "51990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51990"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
          },
          {
            "name": "51957",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51957"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint\u0027s user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-24T21:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
        },
        {
          "name": "[openstack] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.launchpad.net/openstack/msg20517.html"
        },
        {
          "name": "USN-1710-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1710-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/glance/+bug/1098962"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/glance/+milestone/2012.2.3"
        },
        {
          "name": "[oss-security] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
        },
        {
          "name": "RHSA-2013:0209",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
        },
        {
          "name": "51990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51990"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
        },
        {
          "name": "51957",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51957"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0212",
    "datePublished": "2013-02-24T21:00:00Z",
    "dateReserved": "2012-12-06T00:00:00Z",
    "dateUpdated": "2024-08-06T14:18:09.592Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-0212\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-02-24T21:55:01.143\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint\u0027s user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.\"},{\"lang\":\"es\",\"value\":\"store/swift.py en OpenStack Glance Essex (2012.1), Folsom (2012.2) anterior a 2012.2.3, y Grizzly, cuando el modo singe tenant en Swift, guarda el usuario Swift remoto y el password en texto plano cuando el punto remoto es mal configurado, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la lectura de mensajes de error.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\\\(glance\\\\):2012.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD405A64-CF2D-46A0-B19F-5633E0DE1427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\\\(glance\\\\):2012.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"936ABA46-0574-4A7F-A11D-193B32747A90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\\\(glance\\\\):2012.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E022F41C-3239-4663-9129-E8A871EA5B77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\\\(glance\\\\):2012.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09ACB383-AA30-4E23-A85E-A68E0A72B596\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4174F4F-149E-41A6-BBCC-D01114C05F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*\",\"matchCriteriaId\":\"F5D324C4-97C7-49D3-A809-9EAD4B690C69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2076871-2E80-4605-A470-A41C1A8EC7EE\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0209.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/51957\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/51990\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://ubuntu.com/usn/usn-1710-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/01/29/10\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugs.launchpad.net/glance/+bug/1098962\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=902964\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://launchpad.net/glance/+milestone/2012.2.3\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.launchpad.net/openstack/msg20517.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0209.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/51957\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/51990\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://ubuntu.com/usn/usn-1710-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/01/29/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/glance/+bug/1098962\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=902964\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://launchpad.net/glance/+milestone/2012.2.3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.launchpad.net/openstack/msg20517.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Per http://www.ubuntu.com/usn/usn-1710-1/\\nA security issue affects these releases of Ubuntu and its derivatives:\\nUbuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10\"}}"
  }
}

pysec-2013-37

Vulnerability from pysec

Published

2013-02-24 21:55

Modified

2024-11-21 14:22

Details

Impacted products

Name	purl
glance	pkg:pypi/glance

Aliases

CVE-2013-0212

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "glance",
        "purl": "pkg:pypi/glance"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "e96273112b5b5da58d970796b7cfce04c5030a89"
            },
            {
              "fixed": "37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
            },
            {
              "fixed": "96a470be64adcef97f235ca96ed3c59ed954a4c1"
            }
          ],
          "repo": "https://github.com/openstack/glance",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "15.0.2",
        "17.0.1",
        "18.0.0",
        "18.0.0.0b1",
        "18.0.0.0rc1",
        "18.0.1",
        "19.0.0",
        "19.0.0.0b1",
        "19.0.0.0rc1",
        "19.0.0.0rc2",
        "19.0.1",
        "19.0.2",
        "19.0.3",
        "19.0.4",
        "20.0.0",
        "20.0.0.0b1",
        "20.0.0.0b2",
        "20.0.0.0b3",
        "20.0.0.0rc1",
        "20.0.0.0rc2",
        "20.0.1",
        "20.1.0",
        "20.2.0",
        "21.0.0",
        "21.0.0.0b1",
        "21.0.0.0b2",
        "21.0.0.0rc1",
        "21.0.0.0rc2",
        "21.1.0",
        "22.0.0",
        "22.0.0.0b2",
        "22.0.0.0b3",
        "22.0.0.0rc1",
        "22.1.0",
        "22.1.1",
        "23.0.0",
        "23.0.0.0b2",
        "23.0.0.0b3",
        "23.0.0.0rc1",
        "23.0.0.0rc2",
        "23.1.0",
        "24.0.0",
        "24.0.0.0rc1",
        "24.1.0",
        "24.2.0",
        "24.2.1",
        "25.0.0",
        "25.0.0.0b2",
        "25.0.0.0b3",
        "25.0.0.0rc1",
        "25.1.0",
        "26.0.0",
        "26.0.0.0b2",
        "26.0.0.0b3",
        "26.0.0.0rc1",
        "26.1.0",
        "27.0.0",
        "27.0.0.0b1",
        "27.0.0.0b2",
        "27.0.0.0rc1",
        "27.1.0",
        "28.0.0",
        "28.0.0.0b2",
        "28.0.0.0rc1",
        "28.0.1",
        "28.1.0",
        "29.0.0",
        "29.0.0.0b1",
        "29.0.0.0b2",
        "29.0.0.0b3",
        "29.0.0.0rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2013-0212"
  ],
  "details": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint\u0027s user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.",
  "id": "PYSEC-2013-37",
  "modified": "2024-11-21T14:22:51.177765Z",
  "published": "2013-02-24T21:55:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
    },
    {
      "type": "WEB",
      "url": "https://lists.launchpad.net/openstack/msg20517.html"
    },
    {
      "type": "FIX",
      "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
    },
    {
      "type": "FIX",
      "url": "http://ubuntu.com/usn/usn-1710-1"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/51990"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.net/glance/+milestone/2012.2.3"
    },
    {
      "type": "ADVISORY",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/glance/+bug/1098962"
    },
    {
      "type": "FIX",
      "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/51957"
    },
    {
      "type": "FIX",
      "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
    }
  ],
  "withdrawn": "2024-11-22T04:37:04Z"
}

ghsa-xv7j-2v4w-cjvh

Vulnerability from github

Published

2022-05-05 02:48

Modified

2024-11-22 20:19

Summary

OpenStack Glance logs user name and password in cleartext

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "glance"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2012.1"
            },
            {
              "fixed": "2012.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-0212"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-22T20:19:01Z",
    "nvd_published_at": "2013-02-24T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint\u0027s user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.",
  "id": "GHSA-xv7j-2v4w-cjvh",
  "modified": "2024-11-22T20:19:01Z",
  "published": "2022-05-05T02:48:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0212"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2013:0209"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2013-0212"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/glance/+bug/1098962"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/glance"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2013-37.yaml"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.net/glance/+milestone/2012.2.3"
    },
    {
      "type": "WEB",
      "url": "https://lists.launchpad.net/openstack/msg20517.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
    },
    {
      "type": "WEB",
      "url": "http://ubuntu.com/usn/usn-1710-1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "OpenStack Glance logs user name and password in cleartext "
}

gsd-2013-0212

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-0212

Aliases

CVE-2013-0212

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-0212",
    "description": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint\u0027s user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.",
    "id": "GSD-2013-0212",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-0212.html",
      "https://access.redhat.com/errata/RHSA-2013:0209"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-0212"
      ],
      "details": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint\u0027s user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.",
      "id": "GSD-2013-0212",
      "modified": "2023-12-13T01:22:14.657137Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-0212",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint\u0027s user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2013-0209.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
          },
          {
            "name": "http://secunia.com/advisories/51957",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/51957"
          },
          {
            "name": "http://secunia.com/advisories/51990",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/51990"
          },
          {
            "name": "http://ubuntu.com/usn/usn-1710-1",
            "refsource": "MISC",
            "url": "http://ubuntu.com/usn/usn-1710-1"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2013/01/29/10",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
          },
          {
            "name": "https://bugs.launchpad.net/glance/+bug/1098962",
            "refsource": "MISC",
            "url": "https://bugs.launchpad.net/glance/+bug/1098962"
          },
          {
            "name": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7",
            "refsource": "MISC",
            "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
          },
          {
            "name": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1",
            "refsource": "MISC",
            "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
          },
          {
            "name": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89",
            "refsource": "MISC",
            "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
          },
          {
            "name": "https://launchpad.net/glance/+milestone/2012.2.3",
            "refsource": "MISC",
            "url": "https://launchpad.net/glance/+milestone/2012.2.3"
          },
          {
            "name": "https://lists.launchpad.net/openstack/msg20517.html",
            "refsource": "MISC",
            "url": "https://lists.launchpad.net/openstack/msg20517.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=902964",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0212"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint\u0027s user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=902964",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
            },
            {
              "name": "[oss-security] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
            },
            {
              "name": "[openstack] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.launchpad.net/openstack/msg20517.html"
            },
            {
              "name": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
            },
            {
              "name": "USN-1710-1",
              "refsource": "UBUNTU",
              "tags": [
                "Patch"
              ],
              "url": "http://ubuntu.com/usn/usn-1710-1"
            },
            {
              "name": "51990",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/51990"
            },
            {
              "name": "https://launchpad.net/glance/+milestone/2012.2.3",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://launchpad.net/glance/+milestone/2012.2.3"
            },
            {
              "name": "RHSA-2013:0209",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
            },
            {
              "name": "https://bugs.launchpad.net/glance/+bug/1098962",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugs.launchpad.net/glance/+bug/1098962"
            },
            {
              "name": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
            },
            {
              "name": "51957",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/51957"
            },
            {
              "name": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T04:38Z",
      "publishedDate": "2013-02-24T21:55Z"
    }
  }
}

fkie_cve-2013-0212

Vulnerability from fkie_nvd

Published

2013-02-24 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-0209.html	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/51957	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/51990	Vendor Advisory
secalert@redhat.com	http://ubuntu.com/usn/usn-1710-1	Patch
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/01/29/10
secalert@redhat.com	https://bugs.launchpad.net/glance/+bug/1098962
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=902964	Patch
secalert@redhat.com	https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7
secalert@redhat.com	https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1
secalert@redhat.com	https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89
secalert@redhat.com	https://launchpad.net/glance/+milestone/2012.2.3
secalert@redhat.com	https://lists.launchpad.net/openstack/msg20517.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0209.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51957	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51990	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://ubuntu.com/usn/usn-1710-1	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/01/29/10
af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/glance/+bug/1098962
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=902964	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.net/glance/+milestone/2012.2.3
af854a3a-2127-422b-91ae-364da2661108	https://lists.launchpad.net/openstack/msg20517.html

Impacted products

Vendor	Product	Version
openstack	image_registry_and_delivery_service_\(glance\)	2012.1
openstack	image_registry_and_delivery_service_\(glance\)	2012.2
openstack	image_registry_and_delivery_service_\(glance\)	2012.2.1
openstack	image_registry_and_delivery_service_\(glance\)	2012.2.2
canonical	ubuntu_linux	11.10
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	12.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD405A64-CF2D-46A0-B19F-5633E0DE1427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "936ABA46-0574-4A7F-A11D-193B32747A90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E022F41C-3239-4663-9129-E8A871EA5B77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "09ACB383-AA30-4E23-A85E-A68E0A72B596",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint\u0027s user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages."
    },
    {
      "lang": "es",
      "value": "store/swift.py en OpenStack Glance Essex (2012.1), Folsom (2012.2) anterior a 2012.2.3, y Grizzly, cuando el modo singe tenant en Swift, guarda el usuario Swift remoto y el password en texto plano cuando el punto remoto es mal configurado, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la lectura de mensajes de error."
    }
  ],
  "evaluatorComment": "Per http://www.ubuntu.com/usn/usn-1710-1/\nA security issue affects these releases of Ubuntu and its derivatives:\nUbuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10",
  "id": "CVE-2013-0212",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-24T21:55:01.143",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51957"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51990"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://ubuntu.com/usn/usn-1710-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/glance/+bug/1098962"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://launchpad.net/glance/+milestone/2012.2.3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.launchpad.net/openstack/msg20517.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://ubuntu.com/usn/usn-1710-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/glance/+bug/1098962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.net/glance/+milestone/2012.2.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.launchpad.net/openstack/msg20517.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

rhsa-2013:0209

Vulnerability from csaf_redhat

Published

2013-01-30 21:00

Modified

2024-11-22 06:10

Summary

Red Hat Security Advisory: openstack-glance security update

Notes

Topic

Updated openstack-glance packages that fix one security issue are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

These packages provide a service (code name Glance) that acts as a registry for virtual machine images. It was found that when the OpenStack Glance front-end communicated with an OpenStack Swift endpoint, the operator credentials could be logged in plain text when certain errors occurred during new image creation. An authenticated user could use this flaw to gain administrative access to an OpenStack Swift endpoint. (CVE-2013-0212) This issue was discovered by Dan Prince of Red Hat. All users of openstack-glance are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, the Glance services (openstack-glance-api and openstack-glance-registry) will be restarted automatically.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated openstack-glance packages that fix one security issue are now\navailable for Red Hat OpenStack Folsom.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "These packages provide a service (code name Glance) that acts as a registry\nfor virtual machine images.\n\nIt was found that when the OpenStack Glance front-end communicated with an\nOpenStack Swift endpoint, the operator credentials could be logged in\nplain text when certain errors occurred during new image creation. An\nauthenticated user could use this flaw to gain administrative access to an\nOpenStack Swift endpoint. (CVE-2013-0212)\n\nThis issue was discovered by Dan Prince of Red Hat.\n\nAll users of openstack-glance are advised to upgrade to these updated\npackages, which correct this issue. After installing the updated packages,\nthe Glance services (openstack-glance-api and openstack-glance-registry)\nwill be restarted automatically.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:0209",
        "url": "https://access.redhat.com/errata/RHSA-2013:0209"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "902964",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0209.json"
      }
    ],
    "title": "Red Hat Security Advisory: openstack-glance security update",
    "tracking": {
      "current_release_date": "2024-11-22T06:10:44+00:00",
      "generator": {
        "date": "2024-11-22T06:10:44+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2013:0209",
      "initial_release_date": "2013-01-30T21:00:00+00:00",
      "revision_history": [
        {
          "date": "2013-01-30T21:00:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-01-30T21:04:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T06:10:44+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenStack Folsom",
                "product": {
                  "name": "OpenStack Folsom",
                  "product_id": "6Server-Folsom",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:2::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-glance-0:2012.2.1-4.el6ost.noarch",
                "product": {
                  "name": "openstack-glance-0:2012.2.1-4.el6ost.noarch",
                  "product_id": "openstack-glance-0:2012.2.1-4.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance@2012.2.1-4.el6ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-glance-doc-0:2012.2.1-4.el6ost.noarch",
                "product": {
                  "name": "openstack-glance-doc-0:2012.2.1-4.el6ost.noarch",
                  "product_id": "openstack-glance-doc-0:2012.2.1-4.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance-doc@2012.2.1-4.el6ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-glance-0:2012.2.1-4.el6ost.noarch",
                "product": {
                  "name": "python-glance-0:2012.2.1-4.el6ost.noarch",
                  "product_id": "python-glance-0:2012.2.1-4.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-glance@2012.2.1-4.el6ost?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-glance-0:2012.2.1-4.el6ost.src",
                "product": {
                  "name": "openstack-glance-0:2012.2.1-4.el6ost.src",
                  "product_id": "openstack-glance-0:2012.2.1-4.el6ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance@2012.2.1-4.el6ost?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-0:2012.2.1-4.el6ost.noarch as a component of OpenStack Folsom",
          "product_id": "6Server-Folsom:openstack-glance-0:2012.2.1-4.el6ost.noarch"
        },
        "product_reference": "openstack-glance-0:2012.2.1-4.el6ost.noarch",
        "relates_to_product_reference": "6Server-Folsom"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-0:2012.2.1-4.el6ost.src as a component of OpenStack Folsom",
          "product_id": "6Server-Folsom:openstack-glance-0:2012.2.1-4.el6ost.src"
        },
        "product_reference": "openstack-glance-0:2012.2.1-4.el6ost.src",
        "relates_to_product_reference": "6Server-Folsom"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-doc-0:2012.2.1-4.el6ost.noarch as a component of OpenStack Folsom",
          "product_id": "6Server-Folsom:openstack-glance-doc-0:2012.2.1-4.el6ost.noarch"
        },
        "product_reference": "openstack-glance-doc-0:2012.2.1-4.el6ost.noarch",
        "relates_to_product_reference": "6Server-Folsom"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-glance-0:2012.2.1-4.el6ost.noarch as a component of OpenStack Folsom",
          "product_id": "6Server-Folsom:python-glance-0:2012.2.1-4.el6ost.noarch"
        },
        "product_reference": "python-glance-0:2012.2.1-4.el6ost.noarch",
        "relates_to_product_reference": "6Server-Folsom"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Dan Prince"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2013-0212",
      "cwe": {
        "id": "CWE-209",
        "name": "Generation of Error Message Containing Sensitive Information"
      },
      "discovery_date": "2013-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "902964"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint\u0027s user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openstack-glance: Backend password leak in Glance error message",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Folsom:openstack-glance-0:2012.2.1-4.el6ost.noarch",
          "6Server-Folsom:openstack-glance-0:2012.2.1-4.el6ost.src",
          "6Server-Folsom:openstack-glance-doc-0:2012.2.1-4.el6ost.noarch",
          "6Server-Folsom:python-glance-0:2012.2.1-4.el6ost.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-0212"
        },
        {
          "category": "external",
          "summary": "RHBZ#902964",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0212",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-0212"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0212",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0212"
        }
      ],
      "release_date": "2013-01-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-01-30T21:00:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-Folsom:openstack-glance-0:2012.2.1-4.el6ost.noarch",
            "6Server-Folsom:openstack-glance-0:2012.2.1-4.el6ost.src",
            "6Server-Folsom:openstack-glance-doc-0:2012.2.1-4.el6ost.noarch",
            "6Server-Folsom:python-glance-0:2012.2.1-4.el6ost.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0209"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-Folsom:openstack-glance-0:2012.2.1-4.el6ost.noarch",
            "6Server-Folsom:openstack-glance-0:2012.2.1-4.el6ost.src",
            "6Server-Folsom:openstack-glance-doc-0:2012.2.1-4.el6ost.noarch",
            "6Server-Folsom:python-glance-0:2012.2.1-4.el6ost.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "openstack-glance: Backend password leak in Glance error message"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-0212 (GCVE-0-2013-0212)

Vulnerability from cvelistv5

pysec-2013-37

Vulnerability from pysec

ghsa-xv7j-2v4w-cjvh

Vulnerability from github

gsd-2013-0212

Vulnerability from gsd

fkie_cve-2013-0212

Vulnerability from fkie_nvd

rhsa-2013:0209

Vulnerability from csaf_redhat

Tags

Sightings

Nomenclature