PT-2024-5382 · Apache · Apache Arrow Rust Object Store

Name of the Vulnerable Software and Affected Versions: Apache Arrow Rust Object Store versions 0.10.1 and earlier Description: The issue is related to the exposure of temporary credentials in logs when using AWS WebIdentityTokens with the object store crate. On certain error conditions, the logs...

openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files

A vulnerability was found in ceilometer where administrative credentials were permanently stored in the log. A user with access to the logs could obtain these credentials and escalate their privileges...