Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2013-6384 |
CWE-ID | CWE-200 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Ceilometer Operating systems & Components / Operating system package or component |
Vendor | Openstack |
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU42327
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2013-6384
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.
MitigationInstall update from vendor's website.
Vulnerable software versionsCeilometer: 2013.1
http://www.openwall.com/lists/oss-security/2013/11/22/3
http://www.openwall.com/lists/oss-security/2013/11/25/3
http://bugs.launchpad.net/ceilometer/+bug/1244476
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?