{
  "threat_severity" : "Moderate",
  "public_date" : "2024-01-17T00:00:00Z",
  "bugzilla" : {
    "description" : "glance-store: Glance Store access key logged in DEBUG log level",
    "id" : "2258836",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2258836"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-779",
  "details" : [ "A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.", "A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled." ],
  "statement" : "Red Hat Product Security rates this as a Moderate impact since the DEBUG log level is normally not enabled in production environments. Also, an attacker would need access both to change the log level and to read the logs, which would imply the system is already compromised.",
  "acknowledgement" : "Red Hat would like to thank Lujie (ICT) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenStack Platform 17.1 for RHEL 9",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:2732",
    "cpe" : "cpe:/a:redhat:openstack:17.1::el9",
    "package" : "python-glance-store-0:2.5.1-17.1.20230621023901.el9ost"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenStack Platform 16.1",
    "fix_state" : "Out of support scope",
    "package_name" : "python-glance-store",
    "cpe" : "cpe:/a:redhat:openstack:16.1"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "fix_state" : "Out of support scope",
    "package_name" : "python-glance-store",
    "cpe" : "cpe:/a:redhat:openstack:16.2"
  }, {
    "product_name" : "Red Hat OpenStack Platform 18.0",
    "fix_state" : "Affected",
    "package_name" : "python-glance-store",
    "cpe" : "cpe:/a:redhat:openstack:18.0"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-1141\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1141" ],
  "name" : "CVE-2024-1141",
  "mitigation" : {
    "value" : "Avoid leaving the DEBUG log level enabled in critical environments.",
    "lang" : "en:us"
  },
  "csaw" : false
}