GHSA-xv7j-2v4w-cjvh

Suggest an improvement
Source
https://github.com/advisories/GHSA-xv7j-2v4w-cjvh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xv7j-2v4w-cjvh/GHSA-xv7j-2v4w-cjvh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xv7j-2v4w-cjvh
Aliases
Published
2022-05-05T02:48:35Z
Modified
2024-11-22T20:42:33.257593Z
Summary
OpenStack Glance logs user name and password in cleartext
Details

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.

References

Affected packages

PyPI / glance

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2012.1
Fixed
2012.2.3