CVE-2014-1948

NameCVE-2014-1948
DescriptionOpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)
Debian Bugs738924

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
glance (PTS)wheezy2012.1.1-5fixed
jessie2014.1.3-12+deb8u1fixed
stretch2:13.0.0-4fixed
buster, sid2:16.0.1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
glancesource(unstable)2013.2.2-1low738924
glancesourcewheezy(not affected)

Notes

[wheezy] - glance <not-affected> (Only affects Havana)
https://launchpad.net/bugs/1275062

Search for package or bug name: Reporting problems