159 matches found
GHSA-V933-VX5P-J7W2 OpenStack Oslo utility sensitive information exposure via log files
The strutils.maskpassword function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...
Information Disclosure
python-oslo-utils is vulnerable to information disclosure. The vulnerability exists because improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...
USN-5369-1 python-oslo.utils vulnerability
It was discovered that oslo.utils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : oslo.utils vulnerability (USN-5369-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5369-1 advisory. It was discovered that oslo.utils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive...
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-oslo-utils) (RHSA-2022:0993)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0993 advisory. The OpenStack Oslo Utility library. Security Fixes: incorrect password masking in debug output CVE-2022-0718 For more details about the security...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-oslo-utils) security update
An update for python-oslo-utils is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
python-oslo-utils: incorrect password masking in debug output
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...
PT-2022-13384 · Openstack +4 · Python-Oslo-Utils +4
Name of the Vulnerable Software and Affected Versions: python-oslo-utils affected versions not specified Description: A flaw was found in python-oslo-utils due to improper parsing. Passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password afte...
CVE-2022-0718
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...
UBUNTU-CVE-2022-0718
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...
oslokiropraktikk.no Improper Access Control vulnerability OBB-2438691
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-0718
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...
Python-Oslo-Utils 日志信息泄露漏洞
Python-Oslo-Utils is a library from the OpenStack community. It is used to provide support for common utility type functions such as encoding, exception handling, string manipulation and time handling. A security vulnerability exists in Python-Oslo-Utils. No information about this vulnerability i...
oslo.skischoolshop.com Cross Site Scripting vulnerability OBB-1192958
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
indianembassyoslo.gov.in Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1147500 Security Researcher D3F4ULT Helped patch 10 vulnerabilities Received 0 Coordinated Disclosure badges Received 2 recommendations , found a security vulnerability affecting indianembassyoslo.gov.in website and its users. Following coordinated and responsible...
SUSE-SU-2020:0640-1 Security update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic, openstack-keystone, openstack-monasca-agent, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, openstack-sahara, openstack-trove, python-cinderlm, python-congressclient, python-designateclient, python-ironic-lib, python-networking-cisco, python-osc-lib, python-oslo.context, python-oslo.rootwrap, python-oslo.serialization, python-oslo.service, python-stevedore, python-taskflow, rubygem-crowbar-client, rubygem-pumavenv-openstack-swift
This update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova,...
gnocchi (>=3.0.21 <=4.2.4), monasca-agent (>=1.1.20 <=1.4.0) +1 more potentially affected by CVE-2017-2592 via oslo-middleware (>=2.8.0 <=3.37.1)
oslo-middleware PYPI version =2.8.0, =3.0.21, =1.1.20, =1.0.25, =1.0.27 Source cves: CVE-2017-2592 Source advisory: OSV:GHSA-XCP8-HH74-F6MC...
monasca-agent (>=1.3.0 <=1.4.0) potentially affected by CVE-2017-2592 via oslo-middleware (=3.20.0)
oslo-middleware PYPI version =3.20.0 is affected by a known vulnerability. The following packages have a transitive dependency on oslo-middleware and may be impacted: - monasca-agent =1.3.0, =1.4.0 Source cves: CVE-2017-2592 Source advisory: OSV:GHSA-XCP8-HH74-F6MC...
oslo.middleware Information Disclosure vulnerability
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...
GHSA-XCP8-HH74-F6MC oslo.middleware Information Disclosure vulnerability
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...