CVE-2014-1948

NameCVE-2014-1948
DescriptionOpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs738924

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
glance (PTS)buster2:17.0.0-4fixed
bullseye2:21.0.0-2fixed
bookworm, sid2:25.0.0-1.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
glancesourcewheezy(not affected)
glancesource(unstable)2013.2.2-1738924

Notes

[wheezy] - glance <not-affected> (Only affects Havana)
https://launchpad.net/bugs/1275062

Search for package or bug name: Reporting problems