Sensitive Information Disclosure in OpenStack Image Registry by OpenStack
CVE-2014-1948

Currently unrated

Key Information:

Vendor

Openstack
Status
Image Registry And Delivery Service \(glance\)
Vendor
CVE Published:
14 February 2014

What is CVE-2014-1948?

The OpenStack Image Registry and Delivery Service (Glance) version 2013.2 through 2013.2.1 and earlier versions of Icehouse prior to icehouse-2 are susceptible to a security vulnerability that causes sensitive information leakage. When authentication fails while WARNING level logging is enabled, Glance logs a URL revealing the Swift store backend password. This exposes local users to the risk of retrieving sensitive information from the logs, potentially leading to unauthorized access and further security implications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://bugs.launchpad.net/glance/+bug/1275062
x_refsource_CONFIRM
http://secunia.com/advisories/56419
third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-0229.html
vendor-advisoryx_refsource_REDHAT

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.