2 results (0.001 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

01 Feb 2024 — A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled. Se encontró una vulnerabilidad en python-glance-store. El problema ocurre cuando el paquete registra la clave de acceso para el almacén de vistazo cuando el nivel de registro DEBUG está habilitado. It was discovered that Glance_store incorrectly handled logging when the DEBUG log level is enabled. • https://access.redhat.com/errata/RHSA-2024:2732 • CWE-779: Logging of Excessive Data •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

15 Mar 2013 — The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image. La API v1 en OpenStack Vistazo Essex (2012.1), Folsom (2012.2) y Grizzly, al utilizar el 'single-tenant Swift' o la tienda S3, informa el campo de ubicación, lo que permite obtener las credenciales del back-end del operador a usuarios remot... • http://osvdb.org/91304 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •