Vulnerability in Openstack Image_registry_and_delivery_service_\(glance\)

CVE-2014-1948

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allo…

EPSS: 0.001 (19.6th percentile) — read the EPSS interpretation.

Affected products

Openstack Image_registry_and_delivery_service_\(glance\) — versions 2013.2, 2013.2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-255

References

cve@mitre.org (x_refsource_CONFIRM)
56419 (x_refsource_SECUNIA, third-party-advisory)
RHSA-2014:0229 (x_refsource_REDHAT, vendor-advisory)
65507 (vdb-entry, x_refsource_BID)
[oss-security] 20140212 [OSSA 2014-004] Glance Swift store backend password leak (CVE-2014-1948) (mailing-list, x_refsource_MLIST)