1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and
earlier, when the logging level is set to INFO, logs the connection string
from ceilometer.conf, which allows local users to obtain sensitive
information (the DB2 or MongoDB password) by reading the log file.
Author | Note |
---|---|
jdstrand | Ubuntu 13.10 is affected. /var/log/ceilometer is 0755 |