Information disclosure in Eucalyptus
CVE-2014-5037
Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log.
Vulnerability class: Information Disclosure
EPSS: 0.003 (26.3th percentile) — read the EPSS interpretation.
Affected products
- Eucalyptus — versions 4.0.0, 4.0.1
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)