Information disclosure in Eucalyptus

CVE-2014-5038

Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files.

Vulnerability class: Information Disclosure

EPSS: 0.004 (27.0th percentile) — read the EPSS interpretation.

Affected products

  • Eucalyptus — versions 3.0, 3.0.1, 3.1.0
  • N/a — versions n/a

Weakness classification (CWE)

References