Design/Logic Flaw

2019-03-2618:29:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.9%

JSON

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.

CPENameOperatorVersion
octaviage2.0.0
octavialt2.0.2
octaviage3.0.0
octavialt3.0.1
openstackeq12
openstackeq14
openstackeq13

Name	Operator	Version
octavia	ge	2.0.0
octavia	lt	2.0.2
octavia	ge	3.0.0
octavia	lt	3.0.1
openstack	eq	12
openstack	eq	14
openstack	eq	13

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856