Lucene search

Ubuntu.comUB:CVE-2014-7230

HistoryOct 08, 2014 - 12:00 a.m.

CVE-2014-7230

2014-10-0800:00:00

ubuntu.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

The processutils.execute function in OpenStack oslo-incubator, Cinder,
Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local
users to obtain passwords from commands that cause a ProcessExecutionError
by reading the log.

Bugs

<https://launchpad.net/bugs/1343604>

Notes

Author	Note
jdstrand	nova/utils.py on Essex, but it only logs it with debug logging enabled. Reducing the priority for nova on 12.04 LTS.
ebarretto	trove is GNU trove, and this bug affects Openstack trove. So setting trove status to ignored.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchcinder< 1:2014.1.3-0ubuntu1UNKNOWN
ubuntu14.04noarchnova< 1:2014.1.3-0ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	cinder	< 1:2014.1.3-0ubuntu1	UNKNOWN
ubuntu	14.04	noarch	nova	< 1:2014.1.3-0ubuntu1	UNKNOWN

References

seclists.org/oss-sec/2014/q3/853

xforce.iss.net/xforce/xfdb/96725

launchpad.net/bugs/cve/CVE-2014-7230

nvd.nist.gov/vuln/detail/CVE-2014-7230

security-tracker.debian.org/tracker/CVE-2014-7230

ubuntu.com/security/notices/USN-2405-1

ubuntu.com/security/notices/USN-2407-1

www.cve.org/CVERecord?id=CVE-2014-7230

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2014-7230