Lucene search

K

GitHub Advisory DatabaseGHSA-4XW6-HJ5P-4J79

HistoryMay 17, 2022 - 4:50 a.m.

OpenStack Glance sensitive information disclosure via logs

2022-05-1704:50:15

GitHub Advisory Database

github.com

1

2.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

Affected configurations

Vulners

Node

glance_projectglanceRange<11.0.0a0

CPENameOperatorVersion
glancelt11.0.0a0

References

rhn.redhat.com/errata/RHSA-2014-0229.html

secunia.com/advisories/56419

www.openwall.com/lists/oss-security/2014/02/12/18

www.securityfocus.com/bid/65507

bugs.launchpad.net/glance/+bug/1275062

github.com/advisories/GHSA-4xw6-hj5p-4j79

github.com/openstack/glance/commit/108f0e04ad2ed3dc287f1b71b987a7e9d66072ba

github.com/openstack/glance/commit/f6e41e9c0ff3aa9ee57b8c8ed8c789f1aff019bc

nvd.nist.gov/vuln/detail/CVE-2014-1948

2.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

Related for GHSA-4XW6-HJ5P-4J79

ubuntucve1 nvd1 cvelist1 debiancve1 prion1 veracode1 cve1 redhat1 openvas1 fedora1