CVE-2024-1141 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-1141

CVE-2024-1141

February 01, 2024

A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.

Related Resources (6)

https://bugzilla.redhat.com/show_bug.cgi?id=2258836

https://access.redhat.com/security/cve/CVE-2024-1141

https://github.com/openstack/glance_store

https://nvd.nist.gov/vuln/detail/CVE-2024-1141

https://github.com/openstack/glance_store/commit/d6e531af4821c8466b1e9404f12f89f6216417f2

https://access.redhat.com/errata/RHSA-2024:2732

Do you need more information?

CVSS v4

Base Score:

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

Logging of Excessive Data

CWE-779

EPSS

Base Score:

0.03

Products

Solutions

Resources

Company

Compare

Developer Tools