yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1275062] Re: [OSSA 2014-004] sensitive info in image location is logged when authentication to single tenant swift store fails (CVE-2014-1948)

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 05 Mar 2014 10:23:55 -0000
Reply-to: Bug 1275062 <1275062@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: glance
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1275062

Title:
  [OSSA 2014-004] sensitive info in image location is logged when
  authentication to single tenant swift store fails (CVE-2014-1948)

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Released
Status in Glance havana series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
  WARNING glance.store [-] Get image <UUID> data from {'url':
  u'swift+https://XXXXX@my_auth_url.com/v2.0/my-images/<uuid>,
  'metadata': {}} failed: Auth GET failed: https://my_auth_url.com
  RESP_CODE

  19:13:05.027  ERROR glance.store [-] Glance tried all locations to get
  data for image <UUID> but all have failed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1275062/+subscriptions