Lucene search

GitHub Advisory DatabaseGHSA-4XW6-HJ5P-4J79

HistoryMay 17, 2022 - 4:50 a.m.

OpenStack Glance sensitive information disclosure via logs

2022-05-1704:50:15

GitHub Advisory Database

github.com

openstack

glance

sensitive information

disclosure

logs

url

swift store backend

password

authentication

local users

CVSS2

2.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

Affected configurations

Vulners

Node

glance_projectglanceRange<11.0.0a0

VendorProductVersionCPE
glance_projectglance*cpe:2.3:a:glance_project:glance:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
glance_project	glance	*	cpe:2.3:a:glance_project:glance::::::::

References

rhn.redhat.com/errata/RHSA-2014-0229.html

secunia.com/advisories/56419

www.openwall.com/lists/oss-security/2014/02/12/18

www.securityfocus.com/bid/65507

bugs.launchpad.net/glance/+bug/1275062

github.com/advisories/GHSA-4xw6-hj5p-4j79

github.com/openstack/glance/commit/108f0e04ad2ed3dc287f1b71b987a7e9d66072ba

github.com/openstack/glance/commit/f6e41e9c0ff3aa9ee57b8c8ed8c789f1aff019bc

nvd.nist.gov/vuln/detail/CVE-2014-1948

CVSS2

2.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for GHSA-4XW6-HJ5P-4J79