Sensitive Information Disclosure in OpenStack Image Registry by OpenStack
CVE-2014-1948

Currently unrated

Key Information:

Vendor
Openstack
Vendor
CVE Published:
14 February 2014

Summary

The OpenStack Image Registry and Delivery Service (Glance) version 2013.2 through 2013.2.1 and earlier versions of Icehouse prior to icehouse-2 are susceptible to a security vulnerability that causes sensitive information leakage. When authentication fails while WARNING level logging is enabled, Glance logs a URL revealing the Swift store backend password. This exposes local users to the risk of retrieving sensitive information from the logs, potentially leading to unauthorized access and further security implications.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.