Description
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
References (5)
Core 5
Core References
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/glance/+bug/1275062
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56419
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0229.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65507
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/02/12/18
Scores
EPSS
0.0006
EPSS Percentile
19.3%
Details
CWE
CWE-255
Status
published
Products (3)
openstack/image_registry_and_delivery_service_\(glance\)
2013.2
openstack/image_registry_and_delivery_service_\(glance\)
2013.2.1
pypi/glance
0 - 11.0.0a0PyPI
Published
Feb 14, 2014
Tracked Since
Feb 18, 2026