Lucene search

K

Ubuntu.comUB:CVE-2013-6384

HistoryNov 23, 2013 - 12:00 a.m.

CVE-2013-6384

2013-11-2300:00:00

ubuntu.com

ubuntu.com

13

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and
earlier, when the logging level is set to INFO, logs the connection string
from ceilometer.conf, which allows local users to obtain sensitive
information (the DB2 or MongoDB password) by reading the log file.

Bugs

<https://bugs.launchpad.net/ceilometer/+bug/1244476>

Notes

Author	Note
jdstrand	Ubuntu 13.10 is affected. /var/log/ceilometer is 0755

References

www.openwall.com/lists/oss-security/2013/11/22/3

bugs.launchpad.net/ceilometer/+bug/1244476

launchpad.net/bugs/cve/CVE-2013-6384

nvd.nist.gov/vuln/detail/CVE-2013-6384

security-tracker.debian.org/tracker/CVE-2013-6384

www.cve.org/CVERecord?id=CVE-2013-6384

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

Related for UB:CVE-2013-6384

cve1 prion1 nvd1 cvelist1 debiancve1