CVE-2022-0718

2022-08-2915:15:09

CWE-532

CWE-522

[email protected]

web.nvd.nist.gov

flaw

python-oslo-utils

incorrect masking

debug logs

plaintext password

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

47.0%

JSON

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.

Affected configurations

Nvd

Node

openstackoslo.utilsRange<4.10.1

openstackoslo.utilsMatch4.12.0

Node

redhatopenshift_container_platformMatch4.0

redhatopenstack_platformMatch16.1

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

VendorProductVersionCPE
openstackoslo.utils*cpe:2.3:a:openstack:oslo.utils:*:*:*:*:*:*:*:*
openstackoslo.utils4.12.0cpe:2.3:a:openstack:oslo.utils:4.12.0:*:*:*:*:*:*:*
redhatopenshift_container_platform4.0cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
redhatopenstack_platform16.1cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openstack	oslo.utils	*	cpe:2.3:a:openstack:oslo.utils::::::::
openstack	oslo.utils	4.12.0	cpe:2.3:a:openstack:oslo.utils:4.12.0:::::::*
redhat	openshift_container_platform	4.0	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*
redhat	openstack_platform	16.1	cpe:2.3:a:redhat:openstack_platform:16.1:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*