CVE-2024-1141

Published: Feb 1, 2024Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.

Affected (1)

Products: Openstack: Glance Store

Openstack

1 product

Glance Store

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Glance Store	Before 4.7.0

Related CWEs

CWE-779

Logging of Excessive Data

The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

References (6)

https://access.redhat.com/errata/RHSA-2024:2732

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-1141

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2258836

Source: secalert@redhat.com

Issue Tracking

https://access.redhat.com/errata/RHSA-2024:2732

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/security/cve/CVE-2024-1141

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2258836

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.