Ceilometer
Monthly
A vulnerability was found in ceilometer before version 12.0.0.0rc1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.
A vulnerability was found in ceilometer before version 12.0.0.0rc1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.