CVE-2013-6384

LOW Year: 2013
CVSS v2 Score
1.9
Low
Weakness Type
CWE-532
View all →

Vulnerability Description

(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.

Related Vulnerabilities

CVE-2016-2943

LOW
CVSS:1.9(Low)

IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file.

CWE-5322016

CVE-2021-32724

CRITICAL
CVSS:9.9(Critical)

check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) en...

CWE-5322021

CVE-2022-36407

CRITICAL
CVSS:9.9(Critical)

Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virt...

CWE-5322022

CVE-2016-8233

CRITICAL
CVSS:9.8(Critical)

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.

CWE-5322016

CVE-2017-1000171

CRITICAL
CVSS:9.8(Critical)

Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.

CWE-5322017

CVE-2017-15366

CRITICAL
CVSS:9.8(Critical)

Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client ...

CWE-5322017