Описание
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1:2013.1~rc1-0ubuntu1 |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | not-affected | code-not-present |
| precise | released | 2012.1.3+stable~20120821-120fcf-0ubuntu1.5 |
| quantal | released | 2012.2.1-0ubuntu1.2 |
| upstream | pending | 2013.1~rc1 |
Показывать по
EPSS
3.5 Low
CVSS2
Связанные уязвимости
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Gr ...
OpenStack Glance is vulnerable to Exposure of Sensitive Information
EPSS
3.5 Low
CVSS2