Sensitive Information Disclosure in OpenStack Ceilometer Logging

CVE-2013-6384 · LOW Severity

AV:L/AC:M/Au:N/C:P/I:N/A:N

(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, log the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.
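
An added example, not Ceilometer's own code or its patch: masking the password in a URL-style connection string before it is logged, plus a logging filter that scrubs any record reaching a handler. The logger names, message text and sample URL are constructed for illustration.

```python
import io
import logging
import re

# scheme://user:password@host... ; the password may itself contain '@'.
_CREDENTIALS = re.compile(
    r"(?P<head>[A-Za-z][A-Za-z0-9+.-]*://[^\s:/@]*):(?P<pw>[^\s/]*)@")


def mask_connection_url(text, mask="***"):
    """Replace the password of any URL-style connection string in text."""
    return _CREDENTIALS.sub(lambda m: f"{m.group('head')}:{mask}@", text)


class RedactCredentialsFilter(logging.Filter):
    """Defence in depth: scrub every record that passes through a handler."""

    def filter(self, record):
        record.msg = mask_connection_url(record.getMessage())
        record.args = ()  # the message is already rendered
        return True


def log_connection(url, harden):
    """Log a connection message at INFO and return what reached the log."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    if harden:
        handler.addFilter(RedactCredentialsFilter())
    log = logging.getLogger("demo.hardened" if harden else "demo.plain")
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(handler)
    try:
        # Constructed message text, standing in for a driver's INFO log call.
        log.info("connecting to database on %s", url)
    finally:
        log.removeHandler(handler)
    return stream.getvalue().strip()


# Constructed sample value; not taken from any real ceilometer.conf.
SAMPLE_URL = "mongodb://ceilometer:s3cr3t@db1:27017,db2:27017/ceilometer"

if __name__ == "__main__":
    print(log_connection(SAMPLE_URL, harden=False))  # password visible
    print(log_connection(SAMPLE_URL, harden=True))   # password masked
```

The pattern stops at the first `/` or whitespace, so a password containing an unencoded `/` is not matched; percent-encode such characters in the connection string.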
