CVE-2013-0212: Infoleak
First published: Tue Jan 22 2013(Updated: )
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/glance | >=2012.1<2012.2.3 | 2012.2.3 |
| OpenStack Glance | =2012.1 | |
| OpenStack Glance | =2012.2 | |
| OpenStack Glance | =2012.2.1 | |
| OpenStack Glance | =2012.2.2 | |
| Ubuntu | =11.10 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2013-0209.html
- http://secunia.com/advisories/51957
- http://secunia.com/advisories/51990
- http://ubuntu.com/usn/usn-1710-1
- http://www.openwall.com/lists/oss-security/2013/01/29/10
- https://bugs.launchpad.net/glance/+bug/1098962
- https://bugzilla.redhat.com/show_bug.cgi?id=902964
- https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7
- https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1
- https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89
- https://launchpad.net/glance/+milestone/2012.2.3
- https://lists.launchpad.net/openstack/msg20517.html
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=685412&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=685412&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=685413&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=685413&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=685414&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=685414&action=edit
- https://rhn.redhat.com/errata/RHSA-2013-0209.html
- https://nvd.nist.gov/vuln/detail/CVE-2013-0212
- https://access.redhat.com/errata/RHSA-2013:0209
- https://access.redhat.com/security/cve/CVE-2013-0212
- https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2013-37.yaml
- https://github.com/advisories/GHSA-xv7j-2v4w-cjvh (Advisory)
Frequently Asked Questions
What is the severity of CVE-2013-0212?
CVE-2013-0212 is classified as a moderate severity vulnerability due to the exposure of sensitive user credentials.
How do I fix CVE-2013-0212?
To remediate CVE-2013-0212, upgrade to OpenStack Glance version 2012.2.3 or later.
Which versions are affected by CVE-2013-0212?
CVE-2013-0212 affects OpenStack Glance versions 2012.1, 2012.2, 2012.2.1, and 2012.2.2.
What kind of information is exposed in CVE-2013-0212?
CVE-2013-0212 exposes the Swift endpoint's user name and password in cleartext.
In what mode does CVE-2013-0212 occur?
CVE-2013-0212 occurs when OpenStack Glance is configured to run in Swift single tenant mode.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-0212
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-xv7j-2v4w-cjvh
- agent/software-canonical-lookup
- agent/references
- agent/last-modified-date
- agent/event
- agent/author
- collector/github-advisory
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/pip
- vendor/openstack
- canonical/openstack glance
- version/openstack glance/2012.1
- version/openstack glance/2012.2
- version/openstack glance/2012.2.1
- version/openstack glance/2012.2.2
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/11.10
- version/ubuntu/12.04
- version/ubuntu/12.10