CVE-2014-5037

Eucalyptus 4.0.0-4.0.1 - Unauthorized Exposure of Sensitive Information via Cloud-Requests Log

Title source: llm
STIX 2.1

Description

Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log.

References (2)

Core 2
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62055
Patch, Vendor Advisory x_refsource_confirm
https://www.eucalyptus.com/resources/security/advisories/esa-25

Scores

EPSS 0.0034
EPSS Percentile 26.5%

Details

CWE
CWE-200
Status published
Products (2)
eucalyptus/eucalyptus 4.0.0
eucalyptus/eucalyptus 4.0.1
Published Nov 07, 2014
Tracked Since Feb 18, 2026