CVSS2
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:L/AC:M/Au:N/C:P/I:N/A:N

EPSS
Percentile: 5.1%

(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, log the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | ceilometer | < 2013.2-4 | ceilometer_2013.2-4_all.deb |
Debian | 11 | all | ceilometer | < 2013.2-4 | ceilometer_2013.2-4_all.deb |
Debian | 999 | all | ceilometer | < 2013.2-4 | ceilometer_2013.2-4_all.deb |
Debian | 13 | all | ceilometer | < 2013.2-4 | ceilometer_2013.2-4_all.deb |