CVE-2014-1948

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

Published: Feb 14, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-1948
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:L/AC:H/Au:N/C:P/I:P/A:N

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
openstack / image_registry_and_delivery_service_(glance)	2013.2	2013.2.x
openstack / image_registry_and_delivery_service_(glance)	2013.2.1	2013.2.1.x

http://rhn.redhat.com/errata/RHSA-2014-0229.html
http://secunia.com/advisories/56419
http://www.openwall.com/lists/oss-security/2014/02/12/18
http://www.securityfocus.com/bid/65507
https://bugs.launchpad.net/glance/+bug/1275062

Vulnerability Database

289,697

CVE-2014-1948