Sensitive Information Disclosure in OpenStack Image Registry by OpenStack
CVE-2014-1948
Currently unrated
Key Information:
- Vendor
- Openstack
- Vendor
- CVE Published:
- 14 February 2014
Summary
The OpenStack Image Registry and Delivery Service (Glance) version 2013.2 through 2013.2.1 and earlier versions of Icehouse prior to icehouse-2 are susceptible to a security vulnerability that causes sensitive information leakage. When authentication fails while WARNING level logging is enabled, Glance logs a URL revealing the Swift store backend password. This exposes local users to the risk of retrieving sensitive information from the logs, potentially leading to unauthorized access and further security implications.
References
Timeline
Vulnerability published
Vulnerability Reserved