CVE-2014-7230

2014-10-08T00:00:00
ID UB:CVE-2014-7230
Type ubuntucve
Reporter ubuntu.com
Modified 2014-10-08T00:00:00

Description

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

Bugs

  • <https://launchpad.net/bugs/1343604>

Notes

Author| Note
---|---
jdstrand | nova/utils.py on Essex, but it only logs it with debug logging enabled. Reducing the priority for nova on 12.04 LTS.
ebarretto | trove is GNU trove, and this bug affects Openstack trove. So setting trove status to ignored.