CVE-2014-5037
Eucalyptus 4.0.0-4.0.1 - Unauthorized Exposure of Sensitive Information via Cloud-Requests Log
Title source: llmDescription
Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log.
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62055
Patch, Vendor Advisory x_refsource_confirm
https://www.eucalyptus.com/resources/security/advisories/esa-25
Scores
EPSS
0.0034
EPSS Percentile
26.5%
Details
CWE
CWE-200
Status
published
Products (2)
eucalyptus/eucalyptus
4.0.0
eucalyptus/eucalyptus
4.0.1
Published
Nov 07, 2014
Tracked Since
Feb 18, 2026