CVE-2014-1948
Published: 14 February 2014
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
Notes
Author | Note |
---|---|
mdeslaur | OSSA 2014-004 |
jdstrand | Ubuntu 13.10 (OpenStack Havana) only |
Priority
Status
Package | Release | Status |
---|---|---|
glance Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
saucy |
Not vulnerable
(1:2013.2.2-0ubuntu1)
|
|
upstream |
Released
(2013.2.2-1)
|
|
Patches: other: https://review.openstack.org/72473 |