{"id":"PYSEC-2013-37","details":"store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.","aliases":["CVE-2013-0212","GHSA-xv7j-2v4w-cjvh"],"modified":"2026-06-10T17:01:19.823966529Z","published":"2013-02-24T21:55:00Z","withdrawn":"2024-11-22T04:37:04Z","references":[{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=902964"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2013/01/29/10"},{"type":"WEB","url":"https://lists.launchpad.net/openstack/msg20517.html"},{"type":"FIX","url":"https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"},{"type":"FIX","url":"http://ubuntu.com/usn/usn-1710-1"},{"type":"ADVISORY","url":"http://secunia.com/advisories/51990"},{"type":"WEB","url":"https://launchpad.net/glance/+milestone/2012.2.3"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-0209.html"},{"type":"WEB","url":"https://bugs.launchpad.net/glance/+bug/1098962"},{"type":"FIX","url":"https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"},{"type":"ADVISORY","url":"http://secunia.com/advisories/51957"},{"type":"FIX","url":"https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-xv7j-2v4w-cjvh"}],"affected":[{"package":{"name":"glance","ecosystem":"PyPI","purl":"pkg:pypi/glance"},"ranges":[{"type":"GIT","repo":"https://github.com/openstack/glance","events":[{"introduced":"0"},{"fixed":"e96273112b5b5da58d970796b7cfce04c5030a89"},{"fixed":"37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"},{"fixed":"96a470be64adcef97f235ca96ed3c59ed954a4c1"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["15.0.2","17.0.1","18.0.0","18.0.0.0b1","18.0.0.0rc1","18.0.1","19.0.0","19.0.0.0b1","19.0.0.0rc1","19.0.0.0rc2","19.0.1","19.0.2","19.0.3","19.0.4","20.0.0","20.0.0.0b1","20.0.0.0b2","20.0.0.0b3","20.0.0.0rc1","20.0.0.0rc2","20.0.1","20.1.0","20.2.0","21.0.0","21.0.0.0b1","21.0.0.0b2","21.0.0.0rc1","21.0.0.0rc2","21.1.0","22.0.0","22.0.0.0b2","22.0.0.0b3","22.0.0.0rc1","22.1.0","22.1.1","23.0.0","23.0.0.0b2","23.0.0.0b3","23.0.0.0rc1","23.0.0.0rc2","23.1.0","24.0.0","24.0.0.0rc1","24.1.0","24.2.0","24.2.1","25.0.0","25.0.0.0b2","25.0.0.0b3","25.0.0.0rc1","25.1.0","26.0.0","26.0.0.0b2","26.0.0.0b3","26.0.0.0rc1","26.1.0","27.0.0","27.0.0.0b1","27.0.0.0b2","27.0.0.0rc1","27.1.0","27.1.1","28.0.0","28.0.0.0b2","28.0.0.0rc1","28.0.1","28.1.0","28.2.0","29.0.0","29.0.0.0b1","29.0.0.0b2","29.0.0.0b3","29.0.0.0rc1","29.1.0","29.2.0","29.2.1","30.0.0","30.0.0.0b2","30.0.0.0rc1","30.1.0","30.2.0","31.0.0","31.0.0.0b2","31.0.0.0rc1","31.1.0","32.0.0","32.0.0.0b2","32.0.0.0rc1","32.0.0.0rc2","grizzly-2","2012.2.1","grizzly-1","folsom-rc3","2012.2","folsom-rc2","folsom-rc1","folsom-3","2012.1.2","folsom-2","2012.1.1","essex-rc3","2012.1","essex-rc2","essex-rc1","essex-3","essex-1","2011.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/glance/PYSEC-2013-37.yaml"}}],"schema_version":"1.7.5"}