Описание
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 2.1 | openstack-glance | Affected | ||
| RHOS Essex Release | openstack-glance | Affected | ||
| OpenStack Folsom for RHEL 6 | openstack-glance | Fixed | RHSA-2013:0707 | 04.04.2013 |
Показывать по
Дополнительная информация
Статус:
3.5 Low
CVSS2
Связанные уязвимости
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Gr ...
OpenStack Glance is vulnerable to Exposure of Sensitive Information
3.5 Low
CVSS2