Vulnerability Details : CVE-2014-1948
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
Products affected by CVE-2014-1948
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1948
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1948
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.6 | LOW | AV:L/AC:H/Au:N/C:P/I:P/A:N | 1.9 | 4.9 | NIST | |
CWE ids for CVE-2014-1948
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1948
- https://bugs.launchpad.net/glance/+bug/1275062
  Bug #1275062 “[OSSA 2014-004] sensitive info in image location i...” : Bugs : Glance
- http://www.openwall.com/lists/oss-security/2014/02/12/18
  oss-security - [OSSA 2014-004] Glance Swift store backend password leak (CVE-2014-1948)
- http://www.securityfocus.com/bid/65507
  OpenStack Glance Information Disclosure Vulnerability
- http://rhn.redhat.com/errata/RHSA-2014-0229.html
  RHSA-2014:0229 - Security Advisory - Red Hat Customer Portal