Sensitive Information Disclosure in OpenStack Image Registry by OpenStack
CVE-2014-1948

Currently unrated

Key Information:

Vendor: Openstack
Status: Image Registry And Delivery Service \(glance\)
Vendor: CVE Published:; 14 February 2014

Summary

The OpenStack Image Registry and Delivery Service (Glance) version 2013.2 through 2013.2.1 and earlier versions of Icehouse prior to icehouse-2 are susceptible to a security vulnerability that causes sensitive information leakage. When authentication fails while WARNING level logging is enabled, Glance logs a URL revealing the Swift store backend password. This exposes local users to the risk of retrieving sensitive information from the logs, potentially leading to unauthorized access and further security implications.

References

https://bugs.launchpad.net/glance/+bug/1275062

x_refsource_CONFIRM

http://secunia.com/advisories/56419

third-party-advisoryx_refsource_SECUNIA

http://rhn.redhat.com/errata/RHSA-2014-0229.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Feb 14, 2014
Vulnerability Reserved
Feb 12, 2014