Unrated severityNVD Advisory· Published Nov 23, 2013· Updated Apr 29, 2026

CVE-2013-6384

Description

(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.

Affected products

OpenStack/Ceilometer
cpe:2.3:a:openstack:ceilometer:*:*:*:*:*:*:*:*
Range: >=2013.1,<=2013.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.launchpad.net/ceilometer/+bug/1244476nvdExploitIssue TrackingThird Party Advisory
www.openwall.com/lists/oss-security/2013/11/22/3nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2013/11/25/3nvdMailing ListThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000