Lucene search
Veracode Vulnerability DatabaseVERACODE:15928HistoryMay 02, 2019 - 5:05 a.m.
Information Disclosure
2019-05-0205:05:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
EPSS
0
Percentile
5.1%
openstack-trove is vulnerable to information disclosure. It was found that the processutils.execute() and strutils.mask_password() functions did not correctly sanitize the authentication details from their output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords.
References
rhn.redhat.com/errata/RHSA-2014-1939.html
seclists.org/oss-sec/2014/q3/853
www.securityfocus.com/bid/70184
access.redhat.com/security/updates/classification/#low
bugs.launchpad.net/oslo.utils/+bug/1345233
bugzilla.redhat.com/show_bug.cgi?id=1149745
exchange.xforce.ibmcloud.com/vulnerabilities/96726
rhn.redhat.com/errata/RHSA-2014-1939.html
Related
github
github
OpenStack Oslo utility sensitive information exposure via log files
2022-05-14 01:58:44
cvelist
cvelist
CVE-2014-7231
2014-10-08 19:00:00
nvd
nvd
CVE-2014-7231
2014-10-08 19:55:04
ubuntucve
ubuntucve
CVE-2014-7231
2014-10-08 00:00:00
prion
prion
Design/Logic Flaw
2014-10-08 19:55:00
debiancve
debiancve
CVE-2014-7231
2014-10-08 19:55:04
cve
cve
CVE-2014-7231
2014-10-08 19:55:04
redhat
redhat
(RHSA-2014:1939) Low: openstack-trove security update
2014-12-02 16:42:21
nessus
nessus
RHEL 7 : openstack-trove (RHSA-2014:1939)
2024-04-24 00:00:00
RHEL 6 : openstack-cinder (RHSA-2014:1787)
2024-04-24 00:00:00