openstack-trove is vulnerable to information disclosure. It was found that the processutils.execute() and strutils.mask_password() functions did not correctly sanitize the authentication details from their output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords.
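
A defence-in-depth measure for this class of bug, as an added example (not code from oslo or openstack-trove): a Python logging filter that masks password-like values before a record reaches any handler. The key names, patterns and sample lines are constructed assumptions and do not reproduce the specific cases the affected functions missed.

```python
import logging
import re

MASK = "***"
# Assumed key names; extend to match the fields your services actually log.
_KEY = r"[\w-]*(?:password|passwd|secret|token)"
# A value is a double-quoted string, a single-quoted string, or a bare word.
_VALUE = r"(\"[^\"]*\"|'[^']*'|[^\s,;&}\"']+)"
_PATTERNS = [
    # key=value, key: value and JSON/dict style "key": "value"
    re.compile(r"(\b" + _KEY + r"[\"']?\s*[:=]\s*)" + _VALUE, re.I),
    # command-line flag with the value as a separate argument
    re.compile(r"(--" + _KEY + r"\s+)" + _VALUE, re.I),
    # credentials embedded in a URL: scheme://user:password@host
    re.compile(r"(\b\w+://[^/\s:@]+:)([^@\s/]+)(?=@)"),
]


def _redact(match):
    """Replace the captured value, keeping any surrounding quotes."""
    value = match.group(2)
    quote = value[0] if value[0] in "\"'" else ""
    return match.group(1) + quote + MASK + quote


def mask_secrets(text):
    """Return text with every recognised secret value replaced by MASK."""
    for pattern in _PATTERNS:
        text = pattern.sub(_redact, text)
    return text


class RedactingFilter(logging.Filter):
    """Mask the fully formatted message so secrets passed as args are caught."""

    def filter(self, record):
        record.msg = mask_secrets(record.getMessage())
        record.args = ()
        return True


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    log = logging.getLogger("demo")
    log.addFilter(RedactingFilter())
    # Constructed sample messages, not taken from real logs.
    log.debug("Running cmd: %s", "mysqladmin --password s3cret status")
    log.debug("connection = mysql://trove:s3cret@10.0.0.5/trove")
    log.debug('request body: {"admin_password": "s3 cret", "user": "bob"}')
```

A filter attached to a logger applies only to records created on that logger; attach it to each handler to cover records propagated from child loggers as well.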
rhn.redhat.com/errata/RHSA-2014-1939.html
seclists.org/oss-sec/2014/q3/853
www.securityfocus.com/bid/70184
access.redhat.com/security/updates/classification/#low
bugs.launchpad.net/oslo.utils/+bug/1345233
bugzilla.redhat.com/show_bug.cgi?id=1149745
exchange.xforce.ibmcloud.com/vulnerabilities/96726