OpenStack · OpenStack Image Registry/Delivery Service · CVE-2014-1948
**Name of the Vulnerable Software and Affected Versions**
OpenStack Image Registry and Delivery Service (Glance) versions 2013.2 through 2013.2.1
OpenStack Image Registry and Delivery Service (Glance) Icehouse before icehouse-2
**Description**
When authentication fails and WARNING level logging is enabled, the log contains a URL that includes the Swift store backend password. Local users who can read the log can therefore obtain this sensitive information.
**Recommendations**
For OpenStack Image Registry and Delivery Service (Glance) versions 2013.2 through 2013.2.1, consider disabling WARNING level logging until a patch is available.
For OpenStack Image Registry and Delivery Service (Glance) Icehouse before icehouse-2, consider disabling WARNING level logging until a patch is available.
As a temporary workaround, restrict access to the log files to minimize the risk of exploitation.
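
The following Python is an added example, not code from the advisory or from Glance: it finds log lines that expose a password inside a URL, checks whether a log file is readable beyond its owner (the workaround above), and provides a logging filter that redacts such passwords before they are written. The URL layout, function names, logger names and sample lines are assumptions constructed for illustration.

```python
import logging
import os
import re
import stat

# Assumption: credentials sit in the URL's userinfo part, e.g.
# scheme://account:user:password@host/path, and the password is whatever
# follows the last ':' before '@'.
URL_CRED = re.compile(
    r"(?P<pre>[a-z][a-z0-9+.\-]*://[^\s/@]*:)(?P<pw>[^\s/@:]+)(?=@)", re.I)


def redact(text):
    """Replace the password inside any credential-bearing URL with '***'."""
    return URL_CRED.sub(lambda m: m.group("pre") + "***", text)


def leaking_lines(lines):
    """Return (line_number, redacted_line) for lines exposing a URL password."""
    return [(n, redact(line.rstrip("\n")))
            for n, line in enumerate(lines, 1) if URL_CRED.search(line)]


def readable_beyond_owner(path):
    """True if group or other users can read the log file."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


class RedactUrlPasswords(logging.Filter):
    """Scrub URL passwords from a record before any handler writes it."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()  # message is already fully formatted
        return True


# Constructed sample lines, not taken from a real deployment.
SAMPLE = [
    "2014-02-01 10:00:01 INFO glance.api image list requested\n",
    "2014-02-01 10:00:02 WARNING glance.store auth failed for "
    "swift+https://acct:svc:S3cr3tPw@auth.example.test:5000/v2.0/images/abc\n",
]

if __name__ == "__main__":
    for number, line in leaking_lines(SAMPLE):
        print(number, line)
```

The filter takes effect once attached to each log handler with `handler.addFilter(RedactUrlPasswords())`.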