CVE-2013-0212 — OpenStack Glance logs user name and password in cleartext

Description

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.

How to fix CVE-2013-0212

To remediate CVE-2013-0212, upgrade the affected package to a fixed version below.

Debian/glance—upgrade to 2012.1.1-4 or later
PyPI/glance—upgrade to 2012.2.3 or later
—upgrade to e96273112b5b5da58d970796b7cfce04c5030a89 or later

Is CVE-2013-0212 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 2012.1.1-4
>= 2012.1, < 2012.2.3
from 0, < e96273112b5b5da58d970796b7cfce04c5030a89, < 37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7, < 96a470be64adcef97f235ca96ed3c59ed954a4c1 | from 0

References (19)

ADVISORYsecunia.com/advisories/51957
ADVISORYsecunia.com/advisories/51990
ADVISORYgithub.com/advisories/GHSA-xv7j-2v4w-cjvh
ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-0212
ADVISORYsecurity-tracker.debian.org