GitHub commit 8881a42 explicitly shows a change in `ceilometer/agent.py` where `LOG.info()` was replaced with `LOG.debug()` for the call that prints configuration data. This matches the CWE-532 description of sensitive information written to log files, and the CVE description confirms that the agent leaked configuration contents even when DEBUG mode was not enabled. Because the function loads the configuration and logs it directly, it is the clear source of the vulnerability.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ceilometer | pip | < 12.0.0.0rc1 | 12.0.0.0rc1 |
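
The logging change described above, as an added example rather than ceilometer's own code: a constructed config dict is sent through Python's `logging` module, showing what reaches an operator's log before and after the `info` to `debug` change, with optional masking as a second layer. The function names, marker list, log message and sample values are assumptions made for illustration.

```python
import io
import logging

# Constructed sample configuration; keys and values are made up.
SAMPLE_CFG = {
    "publisher": "notifier://",
    "snmp_community": "constructed-community",
    "auth_password": "constructed-secret",
}

# Hypothetical list of substrings that mark a key as sensitive.
SENSITIVE_MARKERS = ("password", "secret", "token", "community")


def mask(cfg):
    """Return a copy of cfg with values of sensitive-looking keys replaced."""
    return {
        k: "***" if any(m in k.lower() for m in SENSITIVE_MARKERS) else v
        for k, v in cfg.items()
    }


def run_agent(log_call, cfg, handler_level="INFO", redact=False):
    """Log cfg via log_call ('info' or 'debug') and return the text that a
    log file configured at handler_level would contain."""
    stream = io.StringIO()
    logger = logging.getLogger(f"demo.{log_call}.{handler_level}.{redact}")
    logger.handlers.clear()
    logger.propagate = False          # keep output out of the root logger
    logger.setLevel(handler_level)
    logger.addHandler(logging.StreamHandler(stream))
    payload = mask(cfg) if redact else cfg
    # Illustrative message text, not the project's actual log line.
    getattr(logger, log_call)("Loaded config: %s", payload)
    return stream.getvalue()


if __name__ == "__main__":
    # Before the fix: config is emitted at INFO, so a default deployment logs it.
    print("info  @INFO :", run_agent("info", SAMPLE_CFG), end="")
    # After the fix: same deployment, the DEBUG record is filtered out.
    print("debug @INFO :", repr(run_agent("debug", SAMPLE_CFG)))
    # DEBUG enabled: the secret is still written unless values are masked.
    print("debug @DEBUG:", run_agent("debug", SAMPLE_CFG, "DEBUG"), end="")
    print("masked      :", run_agent("debug", SAMPLE_CFG, "DEBUG", True), end="")
```

Lowering the level only removes the data from default deployments; any host running with DEBUG enabled still writes the values unless they are masked before logging.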