[Openstack-devel] Bug#703063: CVE-2013-1840: Backend credentials leak in Glance v1 API

Thomas Goirand zigo at debian.org
Thu Mar 14 20:46:22 UTC 2013

Source: glance
Severity: grave
Tags: security

Stuart McLaren from HP reported a vulnerability in the information
potentially returned to the user in Glance v1 API. If an authenticated
user requests, through the v1 API, an image that is already cached, the
headers returned may disclose the Glance operator's backend credentials
for that endpoint. Only setups accepting the Glance v1 API and using
either the single-tenant Swift store or S3 store are affected.
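
A defensive check for the leak described above, added here as an example; it is not part of the original report and is not Glance's own code. It assumes the credentials appear as the userinfo part of a Swift or S3 store URI inside a response header value; the header names, URI schemes and sample values below are constructed for illustration.

```python
import re

# Assumption: backend store locations look like scheme://credentials@host/path,
# with scheme swift, swift+http(s), s3 or s3+http(s). Everything up to the LAST
# "@" is treated as credentials, so a secret containing "/" is still caught and
# an odd path can only cause over-redaction, never under-redaction.
STORE_URI = re.compile(
    r"^(?P<scheme>(?:swift|s3)(?:\+https?)?)://(?P<creds>.+)@(?P<rest>[^@]+)$",
    re.IGNORECASE,
)


def redact_store_uri(value):
    """Return (value_with_credentials_removed, leaked_flag) for one header value."""
    match = STORE_URI.match(value.strip())
    if match is None:
        return value, False
    return "{}://REDACTED@{}".format(match.group("scheme"), match.group("rest")), True


def scrub_headers(headers):
    """Return (clean_headers, sorted names of headers that carried credentials)."""
    clean, leaked = {}, []
    for name, value in headers.items():
        clean[name], hit = redact_store_uri(value)
        if hit:
            leaked.append(name)
    return clean, sorted(leaked)


# Constructed sample of v1-style image response headers (not captured traffic).
SAMPLE_HEADERS = {
    "content-type": "application/octet-stream",
    "x-image-meta-name": "cached-image",
    "x-image-meta-location":
        "swift+https://tenant%3Aglance:EXAMPLE-KEY@auth.example.test/v2.0/images/1111",
    "location": "http://glance.example.test:9292/v1/images/1111",
}

if __name__ == "__main__":
    cleaned, leaking = scrub_headers(SAMPLE_HEADERS)
    for header in leaking:
        print("credentials found in header:", header, "->", cleaned[header])
```

Run against recorded responses from a test deployment, a non-empty list of leaking headers indicates the endpoint still exposes store credentials to API users.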
