CVE-2013-0212

OpenStack Glance 2012.1-2012.2.2 - Authenticated Sensitive Information Exposure via Swift Endpoint Error Messages

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-0212. PoCs published by LogSec.

AI-analyzed exploit summary The repository contains source code from OpenStack Glance but lacks a functional exploit or proof-of-concept for CVE-2013-0212. The README only references a GitHub commit without further details.

Description

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.

Exploits (1)

nomisec STUB

by LogSec · poc

https://github.com/LogSec/CVE-2013-0212

View Code ZIP pw:eip

The repository contains source code from OpenStack Glance but lacks a functional exploit or proof-of-concept for CVE-2013-0212. The README only references a GitHub commit without further details.

Classification

Stub 30%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: OpenStack Glance (version unspecified)

No auth needed

Prerequisites: None identified

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12

Core References

Various Sources mailing-list x_refsource_mlist

https://lists.launchpad.net/openstack/msg20517.html

Patch vendor-advisory x_refsource_ubuntu

http://ubuntu.com/usn/usn-1710-1

Issue Tracking x_refsource_confirm

https://bugs.launchpad.net/glance/+bug/1098962

Patch x_refsource_confirm

https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1

View Patch ZIP pw:eip

Patch x_refsource_confirm

https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7

View Patch ZIP pw:eip

Various Sources x_refsource_confirm

https://launchpad.net/glance/+milestone/2012.2.3

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2013/01/29/10

Patch x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=902964

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-0209.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/51990

Patch x_refsource_confirm

https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89

View Patch ZIP pw:eip

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/51957

Scores

EPSS 0.0114

EPSS Percentile 78.9%

Details

CWE

CWE-200

Status published

Products (8)

canonical/ubuntu_linux 11.10

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 12.10

openstack/image_registry_and_delivery_service_\(glance\) 2012.1

openstack/image_registry_and_delivery_service_\(glance\) 2012.2

openstack/image_registry_and_delivery_service_\(glance\) 2012.2.1

openstack/image_registry_and_delivery_service_\(glance\) 2012.2.2

pypi/glance 2012.1 - 2012.2.3PyPI

Published Feb 24, 2013

Tracked Since Feb 18, 2026