Vulnerability Details CVE-2014-1948
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.7%
CVSS Severity
CVSS v2 Score 2.6
References
- http://rhn.redhat.com/errata/RHSA-2014-0229.html
- http://secunia.com/advisories/56419
- http://www.openwall.com/lists/oss-security/2014/02/12/18
- http://www.securityfocus.com/bid/65507
- https://bugs.launchpad.net/glance/+bug/1275062
- http://rhn.redhat.com/errata/RHSA-2014-0229.html
- http://secunia.com/advisories/56419
- http://www.openwall.com/lists/oss-security/2014/02/12/18
- http://www.securityfocus.com/bid/65507
- https://bugs.launchpad.net/glance/+bug/1275062
Products affected by CVE-2014-1948
-
cpe:2.3:a:openstack:image_registry_and_delivery_service_(glance):2013.2
-
cpe:2.3:a:openstack:image_registry_and_delivery_service_(glance):2013.2.1