3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
70.9%
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and
Grizzly, when using the single-tenant Swift or S3 store, reports the
location field, which allows remote authenticated users to obtain the
operator’s backend credentials via a request for a cached image.