[Secure-testing-team] Bug#703063: CVE-2013-1840: Backend credentials leak in Glance v1 API
Thomas Goirand
zigo at debian.org
Thu Mar 14 20:46:22 UTC 2013
Source: glance
Severity: grave
Tags: security
Stuart McLaren from HP reported a vulnerability in the information
potentially returned to the user in Glance v1 API. If an authenticated
user requests, through the v1 API, an image that is already cached, the
headers returned may disclose the Glance operator's backend credentials
for that endpoint. Only setups accepting the Glance v1 API and using
either the single-tenant Swift store or S3 store are affected.