CVE-2024-1141 – Glance-store: glance store access key logged in debug log level
https://notcve.org/view.php?id=CVE-2024-1141
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.
• https://access.redhat.com/errata/RHSA-2024:2732 https://access.redhat.com/security/cve/CVE-2024-1141 https://bugzilla.redhat.com/show_bug.cgi?id=2258836
• CWE-779: Logging of Excessive Data
CVE-2013-1840 – Glance: Backend credentials leak in Glance v1 API
https://notcve.org/view.php?id=CVE-2013-1840
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
• http://osvdb.org/91304 http://rhn.redhat.com/errata/RHSA-2013-0707.html http://secunia.com/advisories/52565 http://www.openwall.com/lists/oss-security/2013/03/14/15 http://www.securityfocus.com/bid/58490 http://www.ubuntu.com/usn/USN-1764-1 https://bugs.launchpad.net/glance/+bug/1135541 https://exchange.xforce.ibmcloud.com/vulnerabilities/82878 https://review.openstack.org/#/c/24437 https://review.openstack.org/#/c/24438 https://review.openstack.org
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor