Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-hv5w-ujbk-q7h4

Summary OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

Aliases

alias	CVE-2014-1948

alias	GHSA-4xw6-hj5p-4j79

alias	PYSEC-2014-102

Fixed_packages

url	pkg:deb/debian/glance@2013.2.2-1?distro=trixie
purl	pkg:deb/debian/glance@2013.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2013.2.2-1%3Fdistro=trixie

url pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fyj7-ewgp-tybe

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u3?distro=trixie
purl	pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u3%3Fdistro=trixie

url	pkg:deb/debian/glance@2:30.0.0-3%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/glance@2:30.0.0-3%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/glance@2:32.0.0-2?distro=trixie
purl	pkg:deb/debian/glance@2:32.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie

Affected_packages

References

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0229.html

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0229.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-1948

reference_id

reference_type

scores

value	0.00062
scoring_system	epss
scoring_elements	0.1953
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-1948

reference_url

https://bugs.launchpad.net/glance/+bug/1275062

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/glance/+bug/1275062

reference_url	http://secunia.com/advisories/56419
reference_id
reference_type
scores
url	http://secunia.com/advisories/56419

reference_url

https://github.com/openstack/glance

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/glance

reference_url

https://github.com/openstack/glance/commit/108f0e04ad2ed3dc287f1b71b987a7e9d66072ba

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/glance/commit/108f0e04ad2ed3dc287f1b71b987a7e9d66072ba

reference_url

https://github.com/openstack/glance/commit/f6e41e9c0ff3aa9ee57b8c8ed8c789f1aff019bc

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/glance/commit/f6e41e9c0ff3aa9ee57b8c8ed8c789f1aff019bc

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2014-102.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2014-102.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-1948

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-1948

reference_url

http://www.openwall.com/lists/oss-security/2014/02/12/18

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/02/12/18

reference_url	http://www.securityfocus.com/bid/65507
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/65507

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738924
reference_id	738924
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738924

Weaknesses

cwe_id	532
name	Insertion of Sensitive Information into Log File
description	Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hv5w-ujbk-q7h4

Vulnerability Instance