CVE-2014-1948
published 2014-02-14CVE-2014-1948: OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend…
low2.6CVSS 3.1
AVLACHAuNCPIPAN
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glance | < glance 2013.2.2-1 (bookworm) | glance 2013.2.2-1 (bookworm) |
| glance_project | glance | >= 0 < 2013.2.2-1 | 2013.2.2-1 |
| glance_project | glance | >= 0 < 2013.2.2-1 | 2013.2.2-1 |
| glance_project | glance | >= 0 < 2013.2.2-1 | 2013.2.2-1 |
| glance_project | glance | >= 0 < 2013.2.2-1 | 2013.2.2-1 |
| glance_project | glance | >= 0 < 11.0.0a0 | 11.0.0a0 |
| openstack | image_registry_and_delivery_service | — | — |
| openstack | image_registry_and_delivery_service | — | — |
CVSS provenance
nvd2.6LOWAV:L/AC:H/Au:N/C:P/I:P/A:N
osv2.6LOW