OpenStack Ceilometer contains a flaw that is due to the program failing to properly set permissions for log files. This may allow a local attacker to gain access to DB2 or MongoDB password information stored in plaintext.
Local Access Required
Loss of Confidentiality
Patch / RCS
OSVDB is not currently aware of a solution for this vulnerability.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.