First published: Wed Jan 17 2024
A vulnerability was found in python-glance-store. When the DEBUG log level is enabled, the package writes the glance-store access_key to its logs.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
pip/glance-store | <=4.6.1 | |
Openstack Glance-store | <4.7.0 | |
ubuntu/python-glance-store | <2.0.0-0ubuntu4.3 | 2.0.0-0ubuntu4.3 |
ubuntu/python-glance-store | <3.0.0-0ubuntu1.4 | 3.0.0-0ubuntu1.4 |
ubuntu/python-glance-store | <4.6.1-0ubuntu1.1 | 4.6.1-0ubuntu1.1 |
debian/python-glance-store | <=0.26.1-4, <=2.3.0-4, <=4.1.0-4, <=4.7.0-3 | |
The severity of CVE-2024-1141 is classified as moderate due to the potential exposure of sensitive information.
To fix CVE-2024-1141, upgrade to python-glance-store version 4.7.0 or later.
CVE-2024-1141 affects python-glance-store versions up to and including 4.6.1.
CVE-2024-1141 is relevant for OpenStack installations using affected versions of glance-store.
CVE-2024-1141 can expose sensitive data such as access keys when debug logging is enabled.