Lucene search
+L

159 matches found

OSV
OSV
added 2022/05/14 1:58 a.m.8 views

GHSA-V933-VX5P-J7W2 OpenStack Oslo utility sensitive information exposure via log files

The strutils.maskpassword function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...

2.1CVSS5.8AI score0.00528EPSS
Exploits1References7
Veracode
Veracode
added 2022/04/16 4:35 p.m.27 views

Information Disclosure

python-oslo-utils is vulnerable to information disclosure. The vulnerability exists because improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...

4.9CVSS2.4AI score0.01335EPSS
Exploits1References9Affected Software3
OSV
OSV
added 2022/04/07 1:30 p.m.2 views

USN-5369-1 python-oslo.utils vulnerability

It was discovered that oslo.utils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information...

4.9CVSS7.1AI score0.01335EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/04/07 12:0 a.m.30 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : oslo.utils vulnerability (USN-5369-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5369-1 advisory. It was discovered that oslo.utils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive...

4.9CVSS5.9AI score0.01335EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/03/24 12:0 a.m.58 views

RHEL 8 : Red Hat OpenStack Platform 16.2 (python-oslo-utils) (RHSA-2022:0993)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0993 advisory. The OpenStack Oslo Utility library. Security Fixes: incorrect password masking in debug output CVE-2022-0718 For more details about the security...

4.9CVSS5.9AI score0.01335EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/03/23 10:12 p.m.24 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-oslo-utils) security update

An update for python-oslo-utils is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

4.9CVSS6.1AI score0.01335EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2022/03/23 10:12 p.m.5 views

python-oslo-utils: incorrect password masking in debug output

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...

4.9CVSS5.7AI score0.01335EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/03/23 12:0 a.m.4 views

PT-2022-13384 · Openstack +4 · Python-Oslo-Utils +4

Name of the Vulnerable Software and Affected Versions: python-oslo-utils affected versions not specified Description: A flaw was found in python-oslo-utils due to improper parsing. Passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password afte...

6.9CVSS7AI score0.01335EPSS
Exploits1References35
UbuntuCve
UbuntuCve
added 2022/03/23 12:0 a.m.26 views

CVE-2022-0718

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...

4.9CVSS6.2AI score0.01335EPSS
Exploits1References3
OSV
OSV
added 2022/03/23 12:0 a.m.3 views

UBUNTU-CVE-2022-0718

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...

4.9CVSS7AI score0.01335EPSS
Exploits1References4
Openbugbounty
Openbugbounty
added 2022/03/21 8:8 a.m.8 views

oslokiropraktikk.no Improper Access Control vulnerability OBB-2438691

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2022/02/22 8:27 a.m.31 views

CVE-2022-0718

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...

6CVSS3AI score0.01335EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/02/21 12:0 a.m.7 views

Python-Oslo-Utils 日志信息泄露漏洞

Python-Oslo-Utils is a library from the OpenStack community. It is used to provide support for common utility type functions such as encoding, exception handling, string manipulation and time handling. A security vulnerability exists in Python-Oslo-Utils. No information about this vulnerability i...

4.9CVSS5.8AI score0.01335EPSS
Exploits1References16
Openbugbounty
Openbugbounty
added 2020/06/11 3:35 p.m.13 views

oslo.skischoolshop.com Cross Site Scripting vulnerability OBB-1192958

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/04/20 5:0 a.m.6 views

indianembassyoslo.gov.in Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1147500 Security Researcher D3F4ULT Helped patch 10 vulnerabilities Received 0 Coordinated Disclosure badges Received 2 recommendations , found a security vulnerability affecting indianembassyoslo.gov.in website and its users. Following coordinated and responsible...

0.1AI score
Exploits0
OSV
OSV
added 2020/03/11 11:30 a.m.2 views

SUSE-SU-2020:0640-1 Security update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic, openstack-keystone, openstack-monasca-agent, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, openstack-sahara, openstack-trove, python-cinderlm, python-congressclient, python-designateclient, python-ironic-lib, python-networking-cisco, python-osc-lib, python-oslo.context, python-oslo.rootwrap, python-oslo.serialization, python-oslo.service, python-stevedore, python-taskflow, rubygem-crowbar-client, rubygem-pumavenv-openstack-swift

This update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova,...

9.3CVSS7.5AI score0.07627EPSS
Exploits1References39
vulnersOsv
vulnersOsv
added 2018/07/13 3:16 p.m.4 views

gnocchi (>=3.0.21 <=4.2.4), monasca-agent (>=1.1.20 <=1.4.0) +1 more potentially affected by CVE-2017-2592 via oslo-middleware (>=2.8.0 <=3.37.1)

oslo-middleware PYPI version =2.8.0, =3.0.21, =1.1.20, =1.0.25, =1.0.27 Source cves: CVE-2017-2592 Source advisory: OSV:GHSA-XCP8-HH74-F6MC...

5.9CVSS6.1AI score0.00467EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/07/13 3:16 p.m.4 views

monasca-agent (>=1.3.0 <=1.4.0) potentially affected by CVE-2017-2592 via oslo-middleware (=3.20.0)

oslo-middleware PYPI version =3.20.0 is affected by a known vulnerability. The following packages have a transitive dependency on oslo-middleware and may be impacted: - monasca-agent =1.3.0, =1.4.0 Source cves: CVE-2017-2592 Source advisory: OSV:GHSA-XCP8-HH74-F6MC...

5.9CVSS6.1AI score0.00467EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2018/07/13 3:16 p.m.26 views

oslo.middleware Information Disclosure vulnerability

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...

5.9CVSS4.9AI score0.00467EPSS
Exploits0References14Affected Software2
OSV
OSV
added 2018/07/13 3:16 p.m.24 views

GHSA-XCP8-HH74-F6MC oslo.middleware Information Disclosure vulnerability

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...

7.1CVSS4.9AI score0.00467EPSS
Exploits0References15
Rows per page
Query Builder