CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
5.1%
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
Vendor | Product | Version | CPE |
---|---|---|---|
glance_project | glance | * | cpe:2.3:a:glance_project:glance:*:*:*:*:*:*:*:* |
rhn.redhat.com/errata/RHSA-2014-0229.html
secunia.com/advisories/56419
www.openwall.com/lists/oss-security/2014/02/12/18
www.securityfocus.com/bid/65507
bugs.launchpad.net/glance/+bug/1275062
github.com/advisories/GHSA-4xw6-hj5p-4j79
github.com/openstack/glance/commit/108f0e04ad2ed3dc287f1b71b987a7e9d66072ba
github.com/openstack/glance/commit/f6e41e9c0ff3aa9ee57b8c8ed8c789f1aff019bc
nvd.nist.gov/vuln/detail/CVE-2014-1948