CVE-2013-6384 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-6384 Interim 1 5 2022-09-19T00:26:42Z current 2021-05-30T13:15:59Z 2022-09-19T00:26:42Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-6384 (1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Cloud 2.0 SUSE Cloud 4 SUSE Cloud 4 Dependencies SUSE Cloud 5 openstack-ceilometer openstack-ceilometer as a component of SUSE Cloud 2.0 openstack-ceilometer as a component of SUSE Cloud 4 openstack-ceilometer as a component of SUSE Cloud 4 Dependencies openstack-ceilometer as a component of SUSE Cloud 5 (1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file. CVE-2013-6384 SUSE Cloud 2.0:openstack-ceilometer SUSE Cloud 4 Dependencies:openstack-ceilometer SUSE Cloud 4:openstack-ceilometer SUSE Cloud 5:openstack-ceilometer low 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N