[Openstack-devel] Bug#703063: CVE-2013-1840: Backend credentials leak in Glance v1 API
Thomas Goirand
zigo at debian.org
Thu Mar 14 20:46:22 UTC 2013
Source: glance
Severity: grave
Tags: security
Stuart McLaren from HP reported a vulnerability in the information
potentially returned to the user in Glance v1 API. If an authenticated
user requests, through the v1 API, an image that is already cached, the
headers returned may disclose the Glance operator's backend credentials
for that endpoint. Only setups accepting the Glance v1 API and using
either the single-tenant Swift store or S3 store are affected.
More information about the Openstack-devel
mailing list