Information disclosure in Eucalyptus
CVE-2014-5036
The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs.
Vulnerability class: Information Disclosure
EPSS: 0.003 (24.3th percentile) — read the EPSS interpretation.
Affected products
- Eucalyptus — versions 3.4.2, 3.4.3, 4.0.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)