CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1948 – openstack-glance: Glance Swift store backend password leak
https://notcve.org/view.php?id=CVE-2014-1948
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log. OpenStack Image Registry and Delivery Service (Glance) 2013.2 hasta 2013.2.1 y Icehouse anterior a icehouse-2 registra una URL que contiene la contraseña de Swift store backend cuando falla la autenticación y el registro a nivel de advertencia está habilitado, lo que permite a usuarios locales obtener información sensible mediante la lectura del registro. • http://rhn.redhat.com/errata/RHSA-2014-0229.html http://secunia.com/advisories/56419 http://www.openwall.com/lists/oss-security/2014/02/12/18 http://www.securityfocus.com/bid/65507 https://bugs.launchpad.net/glance/+bug/1275062 https://access.redhat.com/security/cve/CVE-2014-1948 https://bugzilla.redhat.com/show_bug.cgi?id=1064589 • CWE-255: Credentials Management Errors CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 2CVE-2013-4428 – Glance: image_download policy not enforced for cached images
https://notcve.org/view.php?id=CVE-2013-4428
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID. OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly con versiones anteriores a 2013.1.4, y Havana con versiones anteriores a 2013.2, cuando se configura la política image_download, no restringe adecuadamente el acceso a las imágenes almacenadas en caché, lo que permite a usuarios remotos autenticados leer de otra manera imágenes restringidas a través de un imagen UUID. • http://rhn.redhat.com/errata/RHSA-2013-1525.html http://www.openwall.com/lists/oss-security/2013/10/15/8 http://www.openwall.com/lists/oss-security/2013/10/16/9 http://www.securityfocus.com/bid/63159 http://www.ubuntu.com/usn/USN-2003-1 https://bugs.launchpad.net/glance/+bug/1235226 https://bugs.launchpad.net/glance/+bug/1235378 https://launchpad.net/glance/+milestone/2013.1.4 https://launchpad.net/glance/+milestone/2013.2 https://access.redhat&# • CWE-264: Permissions, Privileges, and Access Controls •