Symantec Security Response, SMNTC-110860
Nov 07, 2019 - 12:00 a.m.

OpenStack Mistral CVE-2019-3866 Local Information Disclosure Vulnerability

www.symantec.com
EPSS: 0 (Percentile: 12.6%)

Description

OpenStack Mistral is prone to a local information-disclosure vulnerability. An attacker may leverage this issue to obtain potentially sensitive information that may aid in further attacks.

Technologies Affected

  • OpenStack Mistral
  • Red Hat OpenStack Platform 10
  • Red Hat OpenStack Platform 13.0 (Queens)
  • Red Hat OpenStack Platform 14.0 (Rocky)
  • Red Hat OpenStack Platform 15 (Stein)

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Ensure that only trusted users have local, interactive access to affected computers.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, run all server processes with the minimal amount of privileges required for functionality.

Updates are available. Please see the references or vendor advisory for more information.