[OSSA 2014-004] sensitive info in image location is logged when authentication to single tenant swift store fails (CVE-2014-1948)
Bug #1275062 reported by
Nikhil Komawar
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Fix Released
|
High
|
Nikhil Komawar | ||
Havana |
Fix Released
|
High
|
Nikhil Komawar | ||
OpenStack Security Advisory |
Fix Released
|
High
|
Jeremy Stanley |
Bug Description
WARNING glance.store [-] Get image <UUID> data from {'url': u'swift+https:/
19:13:05.027 ERROR glance.store [-] Glance tried all locations to get data for image <UUID> but all have failed.
CVE References
Changed in glance: | |
importance: | Undecided → Critical |
Changed in ossa: | |
status: | New → Incomplete |
Changed in glance: | |
status: | New → Confirmed |
description: | updated |
Changed in ossa: | |
status: | Incomplete → Confirmed |
importance: | Undecided → High |
summary: |
- image location is logged when authentication to store fails + sensitive info in image location is logged when authentication to single + tenant swift store fails |
Changed in ossa: | |
status: | Triaged → In Progress |
summary: |
- sensitive info in image location is logged when authentication to single - tenant swift store fails (CVE-2014-1948) + [OSSA 2014-004] sensitive info in image location is logged when + authentication to single tenant swift store fails (CVE-2014-1948) |
Changed in ossa: | |
status: | Fix Committed → Fix Released |
Changed in glance: | |
status: | Fix Committed → Fix Released |
Changed in glance: | |
milestone: | icehouse-3 → 2014.1 |
To post a comment you must log in.
I think we should have an OSSA here. Others thought ?