CVE-2014-1948

Published: Feb 14, 2014Modified: Apr 29, 2026

2.6

Vector

AV:L/AC:H/Au:N/C:P/I:P/A:N

Exploitability: 1.9 / Impact: 4.9

Source: NVD

Description

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

Affected (2)

Products: Openstack: Image Registry And Delivery Service (glance)

1 product

Image Registry And Delivery Service (glance)

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Image Registry And Delivery Service (glance)	Version 2013.2.1
Openstack Image Registry And Delivery Service (glance)	Version 2013.2

Related CWEs

References (10)

http://rhn.redhat.com/errata/RHSA-2014-0229.html

Source: cve@mitre.org

http://secunia.com/advisories/56419

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/02/12/18

Source: cve@mitre.org

http://www.securityfocus.com/bid/65507

Source: cve@mitre.org

https://bugs.launchpad.net/glance/+bug/1275062

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-0229.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/56419

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/02/12/18

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/65507

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/glance/+bug/1275062

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.