CVE-2014-1948

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:H/Au:N/C:P/I:P/A:N

Exploitability : 1.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2014-0229.html
http://secunia.com/advisories/56419
http://www.openwall.com/lists/oss-security/2014/02/12/18
http://www.securityfocus.com/bid/65507
https://bugs.launchpad.net/glance/+bug/1275062

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2:::::::*
	cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2.1:::::::*

History

No history.

Information

Published : 2014-02-14 15:55

Updated : 2023-12-10 11:31

NVD link : CVE-2014-1948

Mitre link : CVE-2014-1948

CVE.ORG link : CVE-2014-1948

JSON object : View

Products Affected

openstack

image_registry_and_delivery_service_\(glance\)

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2014-1948", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-14T15:55:06.407", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2014-0229.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/56419", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2014/02/12/18", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/65507", "source": "cve@mitre.org"}, {"url": "https://bugs.launchpad.net/glance/+bug/1275062", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log."}, {"lang": "es", "value": "OpenStack Image Registry and Delivery Service (Glance) 2013.2 hasta 2013.2.1 y Icehouse anterior a icehouse-2 registra una URL que contiene la contrase\u00f1a de Swift store backend cuando falla la autenticaci\u00f3n y el registro a nivel de advertencia est\u00e1 habilitado, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura del registro."}], "lastModified": "2014-03-08T05:13:14.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5187A73A-0D13-442E-AC27-D995B652F184"}, {"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20E946F4-A78D-4444-8418-AB44F93FE603"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}