Glance_store vulnerability

2024-02-1200:00:00

ubuntu.com

vulnerability

glance_store

ubuntu

logging

access_key

openstack

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Releases

Ubuntu 23.10
Ubuntu 22.04 LTS
Ubuntu 20.04 LTS

Packages

python-glance-store - OpenStack Image Service store library

Details

It was discovered that Glance_store incorrectly handled logging when the
DEBUG log level is enabled. A local attacker could use this issue to obtain
access_key values.

OSVersionArchitecturePackageVersionFilename
Ubuntu23.10noarchpython3-glance-store< 4.6.1-0ubuntu1.1UNKNOWN
Ubuntu23.10noarchpython-glance-store-doc< 4.6.1-0ubuntu1.1UNKNOWN
Ubuntu22.04noarchpython3-glance-store< 3.0.0-0ubuntu1.4UNKNOWN
Ubuntu22.04noarchpython-glance-store-doc< 3.0.0-0ubuntu1.4UNKNOWN
Ubuntu20.04noarchpython3-glance-store< 2.0.0-0ubuntu4.3UNKNOWN
Ubuntu20.04noarchpython-glance-store-doc< 2.0.0-0ubuntu4.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	23.10	noarch	python3-glance-store	< 4.6.1-0ubuntu1.1	UNKNOWN
Ubuntu	23.10	noarch	python-glance-store-doc	< 4.6.1-0ubuntu1.1	UNKNOWN
Ubuntu	22.04	noarch	python3-glance-store	< 3.0.0-0ubuntu1.4	UNKNOWN
Ubuntu	22.04	noarch	python-glance-store-doc	< 3.0.0-0ubuntu1.4	UNKNOWN
Ubuntu	20.04	noarch	python3-glance-store	< 2.0.0-0ubuntu4.3	UNKNOWN
Ubuntu	20.04	noarch	python-glance-store-doc	< 2.0.0-0ubuntu4.3	UNKNOWN