CVE-2014-1948

NameCVE-2014-1948
DescriptionOpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow
Debian Bugs738924

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
glance (PTS)stretch2:13.0.0-4fixed
buster2:17.0.0-4fixed
bullseye, sid2:21.0.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
glancesourcewheezy(not affected)
glancesource(unstable)2013.2.2-1738924

Notes

[wheezy] - glance <not-affected> (Only affects Havana)
https://launchpad.net/bugs/1275062

Search for package or bug name: Reporting problems