Information disclosure in Eucalyptus

CVE-2014-5037

Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log.

Vulnerability class: Information Disclosure

EPSS: 0.003 (26.3th percentile) — read the EPSS interpretation.

Affected products

  • Eucalyptus — versions 4.0.0, 4.0.1
  • N/a — versions n/a

Weakness classification (CWE)

References