Information disclosure in Eucalyptus

CVE-2014-5036

The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs.

Vulnerability class: Information Disclosure

EPSS: 0.003 (24.3th percentile) — read the EPSS interpretation.

Affected products

  • Eucalyptus — versions 3.4.2, 3.4.3, 4.0.0
  • N/a — versions n/a

Weakness classification (CWE)

References