Description
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.
Statement
Red Hat Product Security rates this as a Moderate impact since the DEBUG log level is normally not enabled in production environments. Also, an attacker would need access both to change the log level and to read the logs, which would imply the system is already compromised.
Mitigation
Avoid leaving the DEBUG log level enabled in critical environments.
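
One way to check a host for this condition, as an added example that is not code from Red Hat or the glance-store project: it tests whether an oslo.config-style file sets `debug` in `[DEFAULT]` and flags DEBUG log lines that carry an `access_key` value, redacting the value in the report. The sample config, the log line format and the logger name `glance_store.example` are constructed assumptions; the advisory does not show the real message format.

```python
import configparser
import re

# Constructed sample config (oslo.config-style INI; not taken from the advisory).
SAMPLE_CONF = """
[DEFAULT]
debug = True

[glance_store]
stores = file,http
"""

# Constructed sample log lines; the real message format is an assumption.
SAMPLE_LOG = [
    "2024-05-22 10:00:01 INFO glance.api [-] Starting glance-api",
    "2024-05-22 10:00:02 DEBUG glance_store.example [-] options: "
    "{'access_key': 'EXAMPLEKEY123', 'region': 'r1'}",
    "2024-05-22 10:00:03 DEBUG glance_store.example [-] access_key = ",
]

# access_key, optional quote, ':' or '=', optional quote, then a non-empty value.
LEAK_RE = re.compile(r"""(access_key['"]?\s*[:=]\s*['"]?)([^\s'",}]+)""")


def debug_enabled(conf_text):
    """Return True if [DEFAULT] debug is set to a true value."""
    # strict=False and no interpolation: service configs may repeat keys or contain '%'.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    return cp.getboolean("DEFAULT", "debug", fallback=False)


def find_key_leaks(lines):
    """Return (line_number, redacted_line) for DEBUG lines exposing an access_key value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if " DEBUG " in line and LEAK_RE.search(line):
            hits.append((number, LEAK_RE.sub(r"\1<redacted>", line)))
    return hits


if __name__ == "__main__":
    print("debug enabled:", debug_enabled(SAMPLE_CONF))
    for number, line in find_key_leaks(SAMPLE_LOG):
        print(f"line {number}: {line}")
```

A hit in existing logs means the key has already been written to disk, so it should be rotated in addition to turning DEBUG off.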
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 16.1 | python-glance-store | Out of support scope | | |
| Red Hat OpenStack Platform 16.2 | python-glance-store | Out of support scope | | |
| Red Hat OpenStack Platform 18.0 | python-glance-store | Affected | | |
| Red Hat OpenStack Platform 17.1 for RHEL 9 | python-glance-store | Fixed | RHSA-2024:2732 | 22.05.2024 |
Additional information
CVSS3: 5.5 Medium
Related vulnerabilities
A vulnerability in python-glance-store, the Python library for interacting with storage backends, related to the logging of excessive data, which allows an attacker to gain access to confidential information.