Lucene search
Veracode Vulnerability DatabaseVERACODE:11160HistoryJan 15, 2019 - 8:57 a.m.
Information Disclosure
2019-01-1508:57:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
EPSS
0
Percentile
5.1%
openstack-glance is vulnerable to information disclosure attacks. The vulnerability exists as OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
References
rhn.redhat.com/errata/RHSA-2014-0229.html
secunia.com/advisories/56419
www.openwall.com/lists/oss-security/2014/02/12/18
www.securityfocus.com/bid/65507
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/glance/+bug/1275062
bugzilla.redhat.com/show_bug.cgi?id=1065313
rhn.redhat.com/errata/RHSA-2014-0229.html
Related
redhat
redhat
(RHSA-2014:0229) Moderate: openstack-glance security and bug fix update
2014-03-04 00:00:00
cve
cve
CVE-2014-1948
2014-02-14 15:55:06
prion
prion
Design/Logic Flaw
2014-02-14 15:55:00
debiancve
debiancve
CVE-2014-1948
2014-02-14 15:55:06
ubuntucve
ubuntucve
CVE-2014-1948
2014-02-14 00:00:00
nvd
nvd
CVE-2014-1948
2014-02-14 15:55:06
cvelist
cvelist
CVE-2014-1948
2014-02-14 15:00:00
github
github
OpenStack Glance sensitive information disclosure via logs
2022-05-17 04:50:15
fedora
fedora
[SECURITY] Fedora 20 Update: openstack-glance-2013.2.3-3.fc20
2014-05-13 05:03:44
openvas
openvas
Fedora Update for openstack-glance FEDORA-2014-5198
2014-05-19 00:00:00