CVE-2014-1948Log File Information Exposure in Project Glance

CWE-255CWE-532Log File Information Exposure10 documents7 sources
Severity
2.6LOWNVD
EPSS
0.1%
top 80.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Glance Project GlanceOpenstack Image Registry AND Delivery Service
Timeline
PublishedFeb 14
Latest updateMay 17

Description

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

CVSS vector

AV:L/AC:H/C:P/I:P/A:NExploitability: 1.9 | Impact: 4.9

Affected Packages3 packages

PyPIglance_project/glance< 11.0.0a0
Debianglance_project/glance< 2013.2.2-1+3

🔴Vulnerability Details

4
GHSA
OpenStack Glance sensitive information disclosure via logs2022-05-17
OSV
OpenStack Glance sensitive information disclosure via logs2022-05-17
OSV
CVE-2014-1948: OpenStack Image Registry and Delivery Service (Glance) 20132014-02-14
CVEList
CVE-2014-1948: OpenStack Image Registry and Delivery Service (Glance) 20132014-02-14

📋Vendor Advisories

2
Red Hat
openstack-glance: Glance Swift store backend password leak2014-02-12
Debian
CVE-2014-1948: glance - OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 a...2014

💬Community

3
Bugzilla
CVE-2014-1948 openstack-glance: Glance Swift store backend password leak [fedora-20]2014-02-13
Bugzilla
CVE-2014-1948 openstack-glance: Glance Swift store backend password leak [fedora-19]2014-02-13
Bugzilla
CVE-2014-1948 openstack-glance: Glance Swift store backend password leak2014-02-12
CVE-2014-1948 — Log File Information Exposure | cvebase