CVE-2014-1948: OpenStack Glance sensitive information disclosure via logs
(updated )
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
References
- bugs.launchpad.net/glance/+bug/1275062
- github.com/advisories/GHSA-4xw6-hj5p-4j79
- github.com/openstack/glance
- github.com/openstack/glance/commit/108f0e04ad2ed3dc287f1b71b987a7e9d66072ba
- github.com/openstack/glance/commit/f6e41e9c0ff3aa9ee57b8c8ed8c789f1aff019bc
- github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2014-102.yaml
- nvd.nist.gov/vuln/detail/CVE-2014-1948
Detect and mitigate CVE-2014-1948 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →