Candidate: CVE-2014-1948
PublicDate: 2014-02-14 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1948
 http://www.openwall.com/lists/oss-security/2014/02/12/18
 http://lists.openstack.org/pipermail/openstack-announce/2014-February/000194.html
Description:
 OpenStack Image Registry and Delivery Service (Glance) 2013.2 through
 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift
 store backend password when authentication fails and WARNING level logging
 is enabled, which allows local users to obtain sensitive information by
 reading the log.
Ubuntu-Description:
Notes:
 mdeslaur> OSSA 2014-004
 jdstrand> Ubuntu 13.10 (OpenStack Havana) only
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738924
 https://bugs.launchpad.net/glance/+bug/1275062
Priority: medium
Discovered-by: Nikhil Komawar
Assigned-to:
CVSS: 

Patches_glance:
 other: https://review.openstack.org/72473 (havana)
upstream_glance: released (2013.2.2-1)
lucid_glance: DNE
precise_glance: not-affected
quantal_glance: not-affected
saucy_glance: not-affected (1:2013.2.2-0ubuntu1)
devel_glance: not-affected (1:2014.1~b3-0ubuntu2)