Launchpad CVE tracker

CVE 2014-1948

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

Related bugs and status

CVE-2014-1948 (Candidate) is related to these bugs:

Bug #1275062: [OSSA 2014-004] sensitive info in image location is logged when authentication to single tenant swift store fails (CVE-2014-1948)

		In	Importance	Status
1275062	[OSSA 2014-004] sensitive info in image location is logged when authentication to single tenant swift store fails (CVE-2014-1948)	Glance	High	Fix Released
1275062	[OSSA 2014-004] sensitive info in image location is logged when authentication to single tenant swift store fails (CVE-2014-1948)	OpenStack Security Advisory	High	Fix Released
1275062	[OSSA 2014-004] sensitive info in image location is logged when authentication to single tenant swift store fails (CVE-2014-1948)	Glance havana	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-1948

References