// For flags

CVE-2024-1141

Glance-store: glance store access key logged in debug log level

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.

Se encontró una vulnerabilidad en python-glance-store. El problema ocurre cuando el paquete registra la clave de acceso para el almacén de vistazo cuando el nivel de registro DEBUG está habilitado.

It was discovered that Glance_store incorrectly handled logging when the DEBUG log level is enabled. A local attacker could use this issue to obtain access_key values.

*Credits: Red Hat would like to thank Lujie (ICT) for reporting this issue.
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-01 CVE Reserved
  • 2024-02-01 CVE Published
  • 2024-11-24 CVE Updated
  • 2025-07-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-779: Logging of Excessive Data
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openstack
Search vendor "Openstack"
 Glance-store
Search vendor "Openstack" for product "Glance-store"
 < 4.7.0
Search vendor "Openstack" for product "Glance-store" and version " < 4.7.0"
-
Affected