PT-2013-2160 · Openstack · Openstack Glance
Dan Prince · Published 2013-02-24 · Updated 2023-02-13 · CVE-2013-0212
CVSS v2.0: 4.0 (Medium)
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Glance versions 2012.1, 2012.2 before 2012.2.3, and 2012.2.3 and earlier of Grizzly
Description
The issue allows remote authenticated users to obtain sensitive information by reading error messages. This occurs when the Swift endpoint is misconfigured or unusable in Swift single tenant mode, causing the store/swift.py component to log the Swift endpoint's user name and password in cleartext.
Recommendations
For OpenStack Glance version 2012.1, update to a version that includes the necessary security fixes.
For OpenStack Glance version 2012.2 before 2012.2.3, update to version 2012.2.3 or later.
For OpenStack Glance Grizzly versions prior to the fix, update to a version that includes the necessary security fixes.
As a temporary workaround, consider restricting access to the error messages to minimize the risk of exploitation.
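The cleartext logging described above can also be contained at the logging layer. The following is an added example, not Glance code and not the upstream fix: a Python log formatter that masks the credential part of any URI before a record is written, including URIs that appear in tracebacks. It assumes the credentials appear in `scheme://user:password@host` form; the logger name, host and credentials are constructed sample values.

```python
import io
import logging
import re

# Userinfo of a URI: everything between "scheme://" and the last "@" that
# precedes the first "/". Assumption: secrets are logged in this URI form.
_USERINFO = re.compile(r"(?P<scheme>[A-Za-z][A-Za-z0-9+.\-]*://)[^\s/]+@")


def redact(text):
    """Replace the user name and password embedded in URIs with '***'."""
    return _USERINFO.sub(r"\g<scheme>***@", text)


class RedactingFormatter(logging.Formatter):
    """Redacts the fully formatted record: message, arguments and traceback."""

    def format(self, record):
        return redact(super().format(record))


def demo():
    """Log a constructed store error and return what reached the log."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(RedactingFormatter("%(levelname)s %(message)s"))
    log = logging.getLogger("redaction_demo")  # hypothetical logger name
    log.handlers = [handler]
    log.propagate = False
    log.setLevel(logging.INFO)

    # Constructed sample location; host and credentials are made up.
    location = ("swift+https://tenant:imguser:s3cr3t@"
                "swift.example.invalid/v1/images/1234")
    try:
        raise ConnectionError("endpoint unusable: %s" % location)
    except ConnectionError:
        # log.exception also emits the traceback, which repeats the URI.
        log.exception("Could not reach store at %s", location)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo())
```

Redacting in the formatter rather than in a filter on `record.msg` matters here because the exception text is rendered separately from the message and would otherwise still carry the password.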
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Openstack Glance