CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:P/I:P/A:N
EPSS
Percentile
5.1%
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through
2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift
store backend password when authentication fails and WARNING level logging
is enabled, which allows local users to obtain sensitive information by
reading the log.
Author | Note |
---|---|
mdeslaur | OSSA 2014-004 |
jdstrand | Ubuntu 13.10 (OpenStack Havana) only |