CVE-2014-1948

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:N/C:P/I:P/A:N

Exploitability : 1.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://bugs.launchpad.net/glance/+bug/1275062
http://www.openwall.com/lists/oss-security/2014/02/12/18
http://www.securityfocus.com/bid/65507
http://secunia.com/advisories/56419
http://rhn.redhat.com/errata/RHSA-2014-0229.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2:::::::*
	cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2.1:::::::*

Information

Published : 2014-02-14 07:55

Updated : 2014-03-07 21:13

NVD link : CVE-2014-1948

Mitre link : CVE-2014-1948

JSON object : View

CWE

CWE-255

Credentials Management Errors

Products Affected

openstack

image_registry_and_delivery_service_\(glance\)

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugs.launchpad.net/glance/+bug/1275062", "name": "https://bugs.launchpad.net/glance/+bug/1275062", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2014/02/12/18", "name": "[oss-security] 20140212 [OSSA 2014-004] Glance Swift store backend password leak (CVE-2014-1948)", "tags": [], "refsource": "MLIST"}, {"url": "http://www.securityfocus.com/bid/65507", "name": "65507", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/56419", "name": "56419", "tags": [], "refsource": "SECUNIA"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0229.html", "name": "RHSA-2014:0229", "tags": [], "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-1948", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-02-14T15:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-03-08T05:13Z"}

2.6 /10