DEBIAN-CVE-2013-6384

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2013-6384

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2013-6384.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2013-6384

Upstream

CVE-2013-6384

Published

2013-11-23T18:55:04.720Z

Modified

2025-11-19T01:19:05.037257Z

Summary

[none]

Details

(1) impldb2.py and (2) implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.

References

https://security-tracker.debian.org/tracker/CVE-2013-6384

Affected packages

Debian:11 / ceilometer

Package

Name: ceilometer
Purl: pkg:deb/debian/ceilometer?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2013.2-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2013-6384.json"

Debian:12 / ceilometer

Package

Name: ceilometer
Purl: pkg:deb/debian/ceilometer?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2013.2-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2013-6384.json"

Debian:13 / ceilometer

Package

Name: ceilometer
Purl: pkg:deb/debian/ceilometer?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2013.2-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2013-6384.json"

Debian:14 / ceilometer

Package

Name: ceilometer
Purl: pkg:deb/debian/ceilometer?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2013.2-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2013-6384.json"