Launchpad CVE tracker

CVE 2013-6384

(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.

Related bugs and status

CVE-2013-6384 (Candidate) is related to these bugs:

Bug #1244476: [OSSA 2013-031] Ceilometer log contains DB password in plain text (CVE-2013-6384)

		In	Importance	Status
1244476	[OSSA 2013-031] Ceilometer log contains DB password in plain text (CVE-2013-6384)	Ceilometer	High	Fix Released
1244476	[OSSA 2013-031] Ceilometer log contains DB password in plain text (CVE-2013-6384)	OpenStack Security Advisory	Medium	Fix Released
1244476	[OSSA 2013-031] Ceilometer log contains DB password in plain text (CVE-2013-6384)	Ceilometer havana	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: https://bugs.launchpad...

Launchpad.net

CVE 2013-6384

Related bugs and status

Related bugs

References