Lucene search

[email protected]NVD:CVE-2014-7230

HistoryOct 08, 2014 - 7:55 p.m.

CVE-2014-7230

2014-10-0819:55:04

CWE-200

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

Affected configurations

NVD

Node

openstackcinderRange2013.2–2013.2.4

openstackcinderRange2014.1–2014.1.3

openstacknovaRange2013.2–2013.2.4

openstacknovaRange2014.1–2014.1.3

openstacktroveRange2013.2–2013.2.4

openstacktroveRange2014.1–2014.1.3

Node

redhatopenstackMatch5.0

Node

canonicalubuntu_linuxMatch14.04lts

References

rhn.redhat.com/errata/RHSA-2014-1939.html

seclists.org/oss-sec/2014/q3/853

www.securityfocus.com/bid/70185

www.ubuntu.com/usn/USN-2405-1

bugs.launchpad.net/oslo-incubator/+bug/1343604

exchange.xforce.ibmcloud.com/vulnerabilities/96725

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2014-7230

cvelist1 cve1 debiancve1 veracode1 prion1 ubuntucve1 openvas2 nessus4 redhat1 ubuntu2 securityvulns3