Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1948

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2014-1948
Last Modified 08 Mar 2014 12:13:14
Published 14 Feb 2014 10:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2014-1948

Summary

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

Vulnerable Systems

Application

  • Openstack Image Registry And Delivery Service %28glance%29 2013.2

  • Openstack Image Registry And Delivery Service %28glance%29 2013.2.1


References

CONFIRM - https://bugs.launchpad.net/glance/+bug/1275062

MLIST - [oss-security] 20140212 [OSSA 2014-004] Glance Swift store backend password leak (CVE-2014-1948)

BID - 65507

SECUNIA - 56419

REDHAT - RHSA-2014:0229


Last Updated: 27 May 2016 10:56:44