28 matches found
RHEL 7 : python-oslo-middleware (RHSA-2017:0300)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0300 advisory. The OpenStack Oslo Middleware library provides components that can be injected into WSGI pipelines to intercept request and response flows. The base...
RHSA-2017:0300 Red Hat Security Advisory: python-oslo-middleware security update
Bulletin has no description...
RHSA-2017:0435 Red Hat Security Advisory: python-oslo-middleware security update
Bulletin has no description...
SUSE CVE-2017-2592
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...
monasca-agent (>=1.3.0 <=1.4.0) potentially affected by CVE-2017-2592 via oslo-middleware (=3.20.0)
oslo-middleware PYPI version =3.20.0 is affected by a known vulnerability. The following packages have a transitive dependency on oslo-middleware and may be impacted: - monasca-agent =1.3.0, =1.4.0 Source cves: CVE-2017-2592 Source advisory: OSV:GHSA-XCP8-HH74-F6MC...
oslo.middleware Information Disclosure vulnerability
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...
GHSA-XCP8-HH74-F6MC oslo.middleware Information Disclosure vulnerability
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...
gnocchi (>=3.0.21 <=4.2.4), monasca-agent (>=1.1.20 <=1.4.0) +1 more potentially affected by CVE-2017-2592 via oslo-middleware (>=2.8.0 <=3.37.1)
oslo-middleware PYPI version =2.8.0, =3.0.21, =1.1.20, =1.0.25, =1.0.27 Source cves: CVE-2017-2592 Source advisory: OSV:GHSA-XCP8-HH74-F6MC...
Ubuntu 16.04 LTS : Oslo middleware vulnerability (USN-3666-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3666-1 advisory. Divya K Konoor discovered Oslo middleware was vulnerable to an information disclosure. A local attacker could exploit this flaw to obtain sensitive information fr...
USN-3666-1: Oslo middleware vulnerability
Divya K Konoor discovered Oslo middleware was vulnerable to an information disclosure. A local attacker could exploit this flaw to obtain sensitive information from OpenStack component error logs...
USN-3666-1 python-oslo.middleware vulnerability
Divya K Konoor discovered Oslo middleware was vulnerable to an information disclosure. A local attacker could exploit this flaw to obtain sensitive information from OpenStack component error logs...
PYSEC-2018-104
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...
CVE-2017-2592
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...
monasca-agent (>=1.3.0 <=1.4.0) potentially affected by CVE-2017-2592 via oslo-middleware (=3.20.0)
oslo-middleware PYPI version =3.20.0 is affected by a known vulnerability. The following packages have a transitive dependency on oslo-middleware and may be impacted: - monasca-agent =1.3.0, =1.4.0 Source cves: CVE-2017-2592 Source advisory: OSV:PYSEC-2018-104...
DEBIAN-CVE-2017-2592
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...
Information disclosure
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...
CVE-2017-2592
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...
gnocchi (>=3.0.21 <=4.2.4), monasca-agent (>=1.1.20 <=1.4.0) +1 more potentially affected by CVE-2017-2592 via oslo-middleware (>=2.8.0 <=3.37.1)
oslo-middleware PYPI version =2.8.0, =3.0.21, =1.1.20, =1.0.25, =1.0.27 Source cves: CVE-2017-2592 Source advisory: OSV:PYSEC-2018-104...
PYSEC-2018-104
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...
CVE-2017-2592
CVE-2017-2592 affects the python-oslo-middleware CatchError path, causing information disclosure by including sensitive data in traceback messages. Affected versions are pre-3.8.1, pre-3.19.1, and pre-3.23.1. Impact can expose sensitive info from OpenStack component error logs (e.g., keystone tok...