4

CVE-2013-0212

EPSS 1.2%
Veröffentlicht 24.02.2013 21:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version11.10

Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version12.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.2%	0.782

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://rhn.redhat.com/errata/RHSA-2013-0209.html

Vendor Advisory

http://secunia.com/advisories/51957

Vendor Advisory

http://secunia.com/advisories/51990

Vendor Advisory

http://ubuntu.com/usn/usn-1710-1

Patch

http://www.openwall.com/lists/oss-security/2013/01/29/10

https://bugs.launchpad.net/glance/+bug/1098962

https://bugzilla.redhat.com/show_bug.cgi?id=902964

Patch

https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7

https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1

https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89

https://launchpad.net/glance/+milestone/2012.2.3

https://lists.launchpad.net/openstack/msg20517.html

https://nvd.nist.gov/vuln/detail/CVE-2013-0212

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0212

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0212

EUVD