CVE 2013-1840
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
Related bugs and status
CVE-2013-1840 (Candidate) is related to these bugs:
Bug #1089488: Meta bug for tracking Openstack Stable Updates
Bug | Summary | In | Importance | Status
---|---|---|---|---
1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu) | Undecided | Invalid
1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu) | Undecided | Invalid
1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu) | Undecided | Invalid
1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu Precise) | Undecided | Fix Released
1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu Precise) | Undecided | Fix Released
1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu Precise) | Undecided | Fix Released
1089488 | Meta bug for tracking Openstack Stable Updates | glance (Ubuntu) | Undecided | Fix Released
Bug #1116671: Meta bug for tracking Openstack 2012.2.3 Stable Update
Bug #1135541: [OSSA 2013-007] v1 api returns location as header for cached images
Bug | Summary | In | Importance | Status
---|---|---|---|---
1135541 | [OSSA 2013-007] v1 api returns location as header for cached images | Glance | High | Fix Released
1135541 | [OSSA 2013-007] v1 api returns location as header for cached images | Glance essex | High | Fix Committed
1135541 | [OSSA 2013-007] v1 api returns location as header for cached images | Glance folsom | High | Fix Released
1135541 | [OSSA 2013-007] v1 api returns location as header for cached images | Glance grizzly | High | Fix Released
1135541 | [OSSA 2013-007] v1 api returns location as header for cached images | OpenStack Security Advisory | Undecided | Fix Released
Bug #1179707: Meta bug for tracking OpenStack 2012.2.4 Stable Update
See the CVE page on Mitre.org for more details.