CVE-2013-1840

Publication date 14 March 2013

Last updated 24 July 2024

Ubuntu priority

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
glance	12.10 quantal	Fixed 2012.2.1-0ubuntu1.2
	12.04 LTS precise	Fixed 2012.1.3+stable~20120821-120fcf-0ubuntu1.5
	11.10 oneiric	Not affected
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1764-1
OpenStack Glance vulnerability
14 March 2013

Other references

https://lists.launchpad.net/openstack/msg21891.html
https://www.cve.org/CVERecord?id=CVE-2013-1840