{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"low"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2013-6384","title":"Title"},{"category":"description","text":"(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2013-6384","url":"https://www.suse.com/security/cve/CVE-2013-6384"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 852177 for CVE-2013-6384","url":"https://bugzilla.suse.com/852177"}],"title":"SUSE CVE CVE-2013-6384","tracking":{"current_release_date":"2025-04-25T12:08:30Z","generator":{"date":"2023-02-15T05:34:19Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2013-6384","initial_release_date":"2023-02-15T05:34:19Z","revision_history":[{"date":"2023-02-15T05:34:19Z","number":"2","summary":"Current version"},{"date":"2025-03-16T12:35:20Z","number":"3","summary":"Current version"},{"date":"2025-04-25T12:08:30Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Cloud 2.0","product":{"name":"SUSE Cloud 2.0","product_id":"SUSE Cloud 2.0"}},{"category":"product_name","name":"SUSE Cloud 4","product":{"name":"SUSE Cloud 4","product_id":"SUSE Cloud 4","product_identification_helper":{"cpe":"cpe:/a:suse:suse-cloud:4"}}},{"category":"product_name","name":"SUSE Cloud 4 Dependencies","product":{"name":"SUSE Cloud 4 Dependencies","product_id":"SUSE Cloud 4 Dependencies","product_identification_helper":{"cpe":"cpe:/o:suse:suse-cloud-deps:11:sp3"}}},{"category":"product_name","name":"SUSE Cloud 5","product":{"name":"SUSE Cloud 5","product_id":"SUSE Cloud 5","product_identification_helper":{"cpe":"cpe:/a:suse:suse-cloud:5"}}},{"category":"product_version","name":"openstack-ceilometer","product":{"name":"openstack-ceilometer","product_id":"openstack-ceilometer","product_identification_helper":{"cpe":"cpe:2.3:a:openstack:ceilometer:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/openstack-ceilometer@?upstream=openstack-ceilometer.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"openstack-ceilometer as component of SUSE Cloud 2.0","product_id":"SUSE Cloud 2.0:openstack-ceilometer"},"product_reference":"openstack-ceilometer","relates_to_product_reference":"SUSE Cloud 2.0"},{"category":"default_component_of","full_product_name":{"name":"openstack-ceilometer as component of SUSE Cloud 4","product_id":"SUSE Cloud 4:openstack-ceilometer"},"product_reference":"openstack-ceilometer","relates_to_product_reference":"SUSE Cloud 4"},{"category":"default_component_of","full_product_name":{"name":"openstack-ceilometer as component of SUSE Cloud 4 Dependencies","product_id":"SUSE Cloud 4 Dependencies:openstack-ceilometer"},"product_reference":"openstack-ceilometer","relates_to_product_reference":"SUSE Cloud 4 Dependencies"},{"category":"default_component_of","full_product_name":{"name":"openstack-ceilometer as component of SUSE Cloud 5","product_id":"SUSE Cloud 5:openstack-ceilometer"},"product_reference":"openstack-ceilometer","relates_to_product_reference":"SUSE Cloud 5"}]},"vulnerabilities":[{"cve":"CVE-2013-6384","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2013-6384"}],"notes":[{"category":"general","text":"(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Cloud 2.0:openstack-ceilometer","SUSE Cloud 4 Dependencies:openstack-ceilometer","SUSE Cloud 4:openstack-ceilometer","SUSE Cloud 5:openstack-ceilometer"]},"references":[{"category":"external","summary":"CVE-2013-6384","url":"https://www.suse.com/security/cve/CVE-2013-6384"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 852177 for CVE-2013-6384","url":"https://bugzilla.suse.com/852177"}],"threats":[{"category":"impact","date":"2010-09-01T10:32:57Z","details":"low"}],"title":"CVE-2013-6384"}]}