This security bulletin contains one low risk vulnerability.
CWE-200 - Information Exposure
Exploit availability: NoDescription
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the ceilometer-agent prints by default sensitive information into log files, even when the DEBUG logging is not activated. A local user can view the log files and obtain sensitive information, such as administrative credentials.Mitigation
Install updates from vendor's website.Vulnerable software versions
Ceilometer: 10.0.0 - 11.0.1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?