Information disclosure in Eucalyptus
CVE-2014-5038
Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files.
Vulnerability class: Information Disclosure
EPSS: 0.004 (27.0th percentile) — read the EPSS interpretation.
Affected products
- Eucalyptus — versions 3.0, 3.0.1, 3.1.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)