GitHub Advisory DatabaseGHSA-F4G4-CJ8F-3CR9OpenStack Nova logs sensitive context from notification exceptions
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.0%
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
Affected configurations
References
www.securityfocus.com/bid/96998
access.redhat.com/errata/RHSA-2017:1508
access.redhat.com/errata/RHSA-2017:1595
github.com/advisories/GHSA-f4g4-cj8f-3cr9
github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a
github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c
github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a
github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598
launchpad.net/bugs/1673569
nvd.nist.gov/vuln/detail/CVE-2017-7214
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.0%