Lucene search

[email protected]NVD:CVE-2019-14433

HistoryAug 09, 2019 - 7:15 p.m.

CVE-2019-14433

2019-08-0919:15:11

CWE-209

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.003

Percentile

65.7%

JSON

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.

Affected configurations

Nvd

Node

openstacknovaRange<17.0.12

openstacknovaRange18.0.0–18.2.2

openstacknovaRange19.0.0–19.0.2

Node

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.04

Node

redhatopenstackMatch10

redhatopenstackMatch13

redhatopenstackMatch14

Node

debiandebian_linuxMatch10.0

VendorProductVersionCPE
openstacknova*cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux19.04cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
redhatopenstack10cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
redhatopenstack13cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
redhatopenstack14cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openstack	nova	*	cpe:2.3:a:openstack:nova::::::::
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
canonical	ubuntu_linux	19.04	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
redhat	openstack	10	cpe:2.3:a:redhat:openstack:10:::::::*
redhat	openstack	13	cpe:2.3:a:redhat:openstack:13:::::::*
redhat	openstack	14	cpe:2.3:a:redhat:openstack:14:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*