Moderate severityNVD Advisory· Published Feb 24, 2013· Updated Apr 29, 2026
CVE-2013-0212
CVE-2013-0212
Description
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
glancePyPI | >= 2012.1, < 2012.2.3 | 2012.2.3 |
Affected products
7cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2012.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2012.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2012.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2012.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2012.2.2:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Patches
337d4d96bf88cRemove Swift location/password from messages.
1 file changed · +8 −9
glance/store/swift.py+8 −9 modified@@ -109,7 +109,7 @@ def parse_uri(self, uri): "like so: " "swift+http://user:pass@authurl.com/v1/container/obj" ) - logger.error(_("Invalid store uri %(uri)s: %(reason)s") % locals()) + logger.error(_("Invalid store URI: %(reason)s") % locals()) raise exception.BadStoreUri() pieces = urlparse.urlparse(uri) @@ -139,8 +139,7 @@ def parse_uri(self, uri): # the account and user. Combine them into a single username of # account:user if len(cred_parts) == 1: - reason = (_("Badly formed credentials '%(creds)s' in Swift " - "URI") % locals()) + reason = (_("Badly formed credentials in Swift URI.")) logger.error(reason) raise exception.BadStoreUri() elif len(cred_parts) == 3: @@ -161,7 +160,7 @@ def parse_uri(self, uri): path_parts.insert(0, netloc) self.authurl = '/'.join(path_parts) except IndexError: - reason = _("Badly formed Swift URI: %s") % uri + reason = _("Badly formed Swift URI.") logger.error(reason) raise exception.BadStoreUri() @@ -265,8 +264,8 @@ def get(self, location): except swift_client.ClientException, e: if e.http_status == httplib.NOT_FOUND: uri = location.get_store_uri() - raise exception.NotFound(_("Swift could not find image at " - "uri %(uri)s") % locals()) + msg = _("Swift could not find image at URI.") + raise exception.NotFound(msg) else: raise @@ -464,7 +463,7 @@ def add(self, image_id, image_file, image_size): except swift_client.ClientException, e: if e.http_status == httplib.CONFLICT: raise exception.Duplicate(_("Swift already has an image at " - "location %s") % location.get_uri()) + "this location.")) msg = (_("Failed to add object to Swift.\n" "Got error from Swift: %(e)s") % locals()) logger.error(msg) @@ -513,8 +512,8 @@ def delete(self, location): except swift_client.ClientException, e: if e.http_status == httplib.NOT_FOUND: uri = location.get_store_uri() - raise exception.NotFound(_("Swift could not find image at " - "uri %(uri)s") % locals()) + msg = _("Swift could not find image at URI.") + raise exception.NotFound(msg) else: raise
96a470be64adRemove Swift location/password from messages.
1 file changed · +10 −11
glance/store/swift.py+10 −11 modified@@ -136,7 +136,7 @@ def parse_uri(self, uri): "like so: " "swift+http://user:pass@authurl.com/v1/container/obj" ) - LOG.error(_("Invalid store uri %(uri)s: %(reason)s") % locals()) + LOG.error(_("Invalid store URI: %(reason)s") % locals()) raise exception.BadStoreUri(message=reason) pieces = urlparse.urlparse(uri) @@ -162,8 +162,7 @@ def parse_uri(self, uri): if creds: cred_parts = creds.split(':') if len(cred_parts) != 2: - reason = (_("Badly formed credentials '%(creds)s' in Swift " - "URI") % locals()) + reason = (_("Badly formed credentials in Swift URI.")) LOG.error(reason) raise exception.BadStoreUri() user, key = cred_parts @@ -181,7 +180,7 @@ def parse_uri(self, uri): path_parts.insert(0, netloc) self.auth_or_store_url = '/'.join(path_parts) except IndexError: - reason = _("Badly formed Swift URI: %s") % uri + reason = _("Badly formed Swift URI.") LOG.error(reason) raise exception.BadStoreUri() @@ -293,8 +292,8 @@ def get(self, location): except swiftclient.ClientException, e: if e.http_status == httplib.NOT_FOUND: uri = location.get_store_uri() - raise exception.NotFound(_("Swift could not find image at " - "uri %(uri)s") % locals()) + msg = _("Swift could not find image at URI.") + raise exception.NotFound(msg) else: raise @@ -543,7 +542,7 @@ def add(self, image_id, image_file, image_size): except swiftclient.ClientException, e: if e.http_status == httplib.CONFLICT: raise exception.Duplicate(_("Swift already has an image at " - "location %s") % location.get_uri()) + "this location.")) msg = (_("Failed to add object to Swift.\n" "Got error from Swift: %(e)s") % locals()) LOG.error(msg) @@ -596,8 +595,8 @@ def delete(self, location): except swiftclient.ClientException, e: if e.http_status == httplib.NOT_FOUND: uri = location.get_store_uri() - raise exception.NotFound(_("Swift could not find image at " - "uri %(uri)s") % locals()) + msg = _("Swift could not find image at URI.") + raise exception.NotFound(msg) else: raise @@ -637,8 +636,8 @@ def set_acls(self, location, public=False, read_tenants=[], except swiftclient.ClientException, e: if e.http_status == httplib.NOT_FOUND: uri = location.get_store_uri() - raise exception.NotFound(_("Swift could not find image at " - "uri %(uri)s") % locals()) + msg = _("Swift could not find image at URI.") + raise exception.NotFound(msg) else: raise
e96273112b5bRemove Swift location/password from messages.
1 file changed · +10 −12
glance/store/swift.py+10 −12 modified@@ -136,7 +136,7 @@ def parse_uri(self, uri): ", you need to change it to use the " "swift+http:// scheme, like so: " "swift+http://user:pass@authurl.com/v1/container/obj") - LOG.debug(_("Invalid store uri %(uri)s: %(reason)s") % locals()) + LOG.debug(_("Invalid store URI: %(reason)s") % locals()) raise exception.BadStoreUri(message=reason) pieces = urlparse.urlparse(uri) @@ -162,8 +162,7 @@ def parse_uri(self, uri): if creds: cred_parts = creds.split(':') if len(cred_parts) != 2: - reason = (_("Badly formed credentials '%(creds)s' in Swift " - "URI") % locals()) + reason = (_("Badly formed credentials in Swift URI.")) LOG.debug(reason) raise exception.BadStoreUri() user, key = cred_parts @@ -181,7 +180,7 @@ def parse_uri(self, uri): path_parts.insert(0, netloc) self.auth_or_store_url = '/'.join(path_parts) except IndexError: - reason = _("Badly formed Swift URI: %s") % uri + reason = _("Badly formed Swift URI.") LOG.debug(reason) raise exception.BadStoreUri() @@ -241,8 +240,8 @@ def get(self, location, connection=None): except swiftclient.ClientException, e: if e.http_status == httplib.NOT_FOUND: uri = location.get_uri() - raise exception.NotFound(_("Swift could not find image at " - "uri %(uri)s") % locals()) + msg = _("Swift could not find image at URI.") + raise exception.NotFound(msg) else: raise @@ -375,8 +374,7 @@ def add(self, image_id, image_file, image_size, connection=None): except swiftclient.ClientException, e: if e.http_status == httplib.CONFLICT: raise exception.Duplicate(_("Swift already has an image at " - "location %s") % - location.get_uri()) + "this location")) msg = (_("Failed to add object to Swift.\n" "Got error from Swift: %(e)s") % locals()) LOG.error(msg) @@ -419,8 +417,8 @@ def delete(self, location, connection=None): except swiftclient.ClientException, e: if e.http_status == httplib.NOT_FOUND: uri = location.get_uri() - raise exception.NotFound(_("Swift could not find image at " - "uri %(uri)s") % locals()) + msg = _("Swift could not find image at URI.") + raise exception.NotFound(msg) else: raise @@ -578,8 +576,8 @@ def set_acls(self, location, public=False, read_tenants=None, except swiftclient.ClientException, e: if e.http_status == httplib.NOT_FOUND: uri = location.get_uri() - raise exception.NotFound(_("Swift could not find image at " - "uri %(uri)s") % locals()) + msg = _("Swift could not find image at URI.") + raise exception.NotFound(msg) else: raise
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
17- ubuntu.com/usn/usn-1710-1nvdPatchWEB
- bugzilla.redhat.com/show_bug.cginvdPatchWEB
- rhn.redhat.com/errata/RHSA-2013-0209.htmlnvdVendor AdvisoryWEB
- secunia.com/advisories/51957nvdVendor Advisory
- secunia.com/advisories/51990nvdVendor Advisory
- github.com/advisories/GHSA-xv7j-2v4w-cjvhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-0212ghsaADVISORY
- www.openwall.com/lists/oss-security/2013/01/29/10nvdWEB
- access.redhat.com/errata/RHSA-2013:0209ghsaWEB
- access.redhat.com/security/cve/CVE-2013-0212ghsaWEB
- bugs.launchpad.net/glance/+bug/1098962nvdWEB
- github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7nvdWEB
- github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1nvdWEB
- github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2013-37.yamlghsaWEB
- launchpad.net/glance/+milestone/2012.2.3nvdWEB
- lists.launchpad.net/openstack/msg20517.htmlnvdWEB
News mentions
0No linked articles in our index yet.