Name of the Vulnerable Software and Affected Versions OpenStack Glance versions 2012.1, 2012.2 before 2012.2.3, and 2012.2.3 and earlier of Grizzly

Description The issue allows remote authenticated users to obtain sensitive information by reading error messages. This occurs when the Swift endpoint is misconfigured or unusable in Swift single tenant mode, causing the user name and password to be logged in cleartext.

Recommendations For OpenStack Glance version 2012.1, update to a version later than 2012.1 to resolve the issue. For OpenStack Glance version 2012.2 before 2012.2.3, update to version 2012.2.3 or later to resolve the issue. For OpenStack Glance Grizzly versions 2012.2.3 and earlier, update to a version later than 2012.2.3 to resolve the issue.