Skip to main content

Image Registry And Delivery Service Glance CVE-2014-1948

LOW
Credentials Management Errors (CWE-255)
2014-02-14 cve@mitre.org
2.6
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
2.6 LOW
AV:L/AC:H/Au:N/C:P/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:H/Au:N/C:P/I:P/A:N
Attack Vector
Local
Attack Complexity
High
Confidentiality
P
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 14, 2014 - 15:55 cve.org
LOW 2.6

DescriptionCVE.org

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

AnalysisAI

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and. Rated low severity (CVSS 2.6).

Technical ContextAI

This vulnerability is classified under CWE-255. OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log. Affected products include: Openstack Image Registry And Delivery Service \(Glance\). Version information: through 2013.2.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-1881 MEDIUM POC
4.0 Feb 24

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which al

CVE-2014-9684 MEDIUM POC
4.0 Feb 24

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which al

CVE-2014-9623 MEDIUM POC
4.0 Jan 23

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storag

CVE-2015-5286 MEDIUM
6.8 Oct 26

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated

CVE-2015-1195 MEDIUM
6.5 Jan 21

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows

CVE-2014-0162 MEDIUM
6.0 Apr 27

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse befor

CVE-2012-5482 MEDIUM
5.5 Nov 11

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete

CVE-2012-4573 MEDIUM
5.5 Nov 11

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete

CVE-2014-9493 MEDIUM
5.5 Jan 07

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenti

CVE-2015-5251 MEDIUM
5.5 Oct 26

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated u

CVE-2016-0757 MEDIUM
4.3 Apr 13

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations

CVE-2013-0212 MEDIUM
4.0 Feb 24

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single te

Share

CVE-2014-1948 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy