VYPR
Get started
← All advisories
Moderate severityNVD Advisory· Published Feb 14, 2014· Updated Apr 29, 2026

CVE-2014-1948

CVE-2014-1948

Description

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
glancePyPI
< 11.0.0a011.0.0a0

Affected products

2
  • OpenStack/Image Registry And Delivery Service \(glance\)2 versions
    cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2.1:*:*:*:*:*:*:*

Patches

2
108f0e04ad2e

Removes logging of location uri

https://github.com/openstack/glanceNikhil KomawarFeb 5, 2014via ghsa
commit
1 file changed · +3 3
  • glance/store/__init__.py+3 3 modified
    @@ -658,9 +658,9 @@ def get_data(self):
 
                 return data
             except Exception as e:
-                LOG.warn(_('Get image %(id)s data from %(loc)s '
-                           'failed: %(err)s.') % {'id': self.image.image_id,
-                                                  'loc': loc, 'err': e})
+                LOG.warn(_('Get image %(id)s data failed: '
+                           '%(err)s.') % {'id': self.image.image_id,
+                                          'err': e})
                 err = e
         # tried all locations
         LOG.error(_('Glance tried all locations to get data for image %s '
f6e41e9c0ff3

Removes logging of location uri

https://github.com/openstack/glanceNikhil KomawarFeb 5, 2014via ghsa
commit
1 file changed · +3 3
  • glance/store/__init__.py+3 3 modified
    @@ -713,9 +713,9 @@ def get_data(self):
 
                 return data
             except Exception as e:
-                LOG.warn(_('Get image %(id)s data from %(loc)s '
-                           'failed: %(err)s.') % {'id': self.image.image_id,
-                                                  'loc': loc, 'err': e})
+                LOG.warn(_('Get image %(id)s data failed: '
+                           '%(err)s.') % {'id': self.image.image_id,
+                                          'err': e})
                 err = e
         # tried all locations
         LOG.error(_('Glance tried all locations to get data for image %s '

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

10

News mentions

0

No linked articles in our index yet.