CVE-2024-1141

A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhatCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
openstackglance-store
𝑥
< 4.7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-glance-store
bullseye
no-dsa
bookworm
no-dsa
buster
no-dsa
sid
4.9.1-2
fixed
trixie
4.9.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-glance-store
plucky
Fixed 4.6.1-0ubuntu3
released
oracular
Fixed 4.6.1-0ubuntu3
released
noble
Fixed 4.6.1-0ubuntu3
released
mantic
Fixed 4.6.1-0ubuntu1.1
released
jammy
Fixed 3.0.0-0ubuntu1.4
released
focal
Fixed 2.0.0-0ubuntu4.3
released
bionic
needs-triage
xenial
needs-triage
trusty
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2024:2732
https://access.redhat.com/security/cve/CVE-2024-1141
https://bugzilla.redhat.com/show_bug.cgi?id=2258836
https://access.redhat.com/errata/RHSA-2024:2732
https://access.redhat.com/security/cve/CVE-2024-1141
https://bugzilla.redhat.com/show_bug.cgi?id=2258836