CVE-2024-1141

Summary

A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.

Affected Software

VendorProductVersion RangeStatus
0 < 4.7.0affected
Red HatRed Hat OpenStack Platform 17.1 for RHEL 90:2.5.1-17.1.20230621023901.el9ost < *unaffected

Weaknesses

  • CWE-779: Logging of Excessive Data

Workarounds

Avoid leaving the DEBUG log level enabled in critical environments.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References