
CVE-2024-1141 – Glance-store: glance store access key logged in debug log level
https://notcve.org/view.php?id=CVE-2024-1141
01 Feb 2024 — A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled. Se encontró una vulnerabilidad en python-glance-store. El problema ocurre cuando el paquete registra la clave de acceso para el almacén de vistazo cuando el nivel de registro DEBUG está habilitado. It was discovered that Glance_store incorrectly handled logging when the DEBUG log level is enabled. • https://access.redhat.com/errata/RHSA-2024:2732 • CWE-779: Logging of Excessive Data •

CVE-2013-1840 – Glance: Backend credentials leak in Glance v1 API
https://notcve.org/view.php?id=CVE-2013-1840
15 Mar 2013 — The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image. La API v1 en OpenStack Vistazo Essex (2012.1), Folsom (2012.2) y Grizzly, al utilizar el 'single-tenant Swift' o la tienda S3, informa el campo de ubicación, lo que permite obtener las credenciales del back-end del operador a usuarios remot... • http://osvdb.org/91304 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •