CVE-2014-5038

Eucalyptus 3.0.0-4.0.1 - Unauthorized Sensitive Information Exposure via Debug Log

Title source: llm
STIX 2.1

Description

Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.eucalyptus.com/resources/security/advisories/esa-26

Scores

EPSS 0.0035
EPSS Percentile 27.2%

Details

CWE
CWE-200
Status published
Products (17)
eucalyptus/eucalyptus 3.0
eucalyptus/eucalyptus 3.0.1
eucalyptus/eucalyptus 3.1.0
eucalyptus/eucalyptus 3.1.1
eucalyptus/eucalyptus 3.1.2
eucalyptus/eucalyptus 3.2.0
eucalyptus/eucalyptus 3.2.1
eucalyptus/eucalyptus 3.2.2
eucalyptus/eucalyptus 3.3.0
eucalyptus/eucalyptus 3.3.1
... and 7 more
Published Nov 07, 2014
Tracked Since Feb 18, 2026