CVE-2014-1948

Currently unrated

Key Information:

Vendor: Openstack
Status: Image Registry And Delivery Service \(glance\)
Vendor: CVE Published:; 14 February 2014

Summary

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

References

https://bugs.launchpad.net/glance/+bug/1275062

x_refsource_CONFIRM

http://secunia.com/advisories/56419

third-party-advisoryx_refsource_SECUNIA

http://rhn.redhat.com/errata/RHSA-2014-0229.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Feb 14, 2014
Vulnerability Reserved
Feb 12, 2014