
OSSA-2017-002 (CVE-2017-7214)

Nova logs sensitive context from notification exceptions

Change-Id: Iec1deae6bbe7fc73045c2abf9b3d44bafa86acc0
Closes-Bug: #1673569
Jeremy Stanley 2 years ago
parent
commit
c54ed705df
1 changed files with 38 additions and 0 deletions

ossa/OSSA-2017-002.yaml (+38 -0)

@@ -0,0 +1,38 @@
1
+date: 2017-03-23
2
+
3
+id: OSSA-2017-002
4
+
5
+title: Nova logs sensitive context from notification exceptions
6
+
7
+description: >
8
+   Matt Riedemann with Huawei reported a vulnerability in Nova. Legacy
9
+   notification exception contexts appearing in ERROR level logs may include
10
+   sensitive information such as account passwords and authorization tokens.
11
+   All Nova setups are affected.
12
+
13
+affected-products:
14
+  - product: Nova
15
+    version: ">=13.0.0 <=13.1.3, >=14.0.0 <=14.0.4, >=15.0.0 <=15.0.1"
16
+
17
+vulnerabilities:
18
+  - cve-id: CVE-2017-7214
19
+
20
+reporters:
21
+  - name: Matt Riedemann
22
+    affiliation: Huawei
23
+    reported:
24
+      - CVE-2017-7214
25
+
26
+issues:
27
+  links:
28
+    - https://launchpad.net/bugs/1673569
29
+
30
+reviews:
31
+  pike:
32
+    - https://review.openstack.org/446948
33
+  ocata:
34
+    - https://review.openstack.org/447071
35
+  newton:
36
+    - https://review.openstack.org/447072
37
+  mitaka:
38
+    - https://review.openstack.org/447075
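
Review bot: The description (lines 7-11 of the new file) says ERROR level logs may contain account passwords and authorization tokens, but it gives operators no guidance on logs already written before the fix is deployed. Consider adding a sentence advising that existing Nova logs from affected versions be treated as sensitive (restrict read access, review retention and any forwarding to central log stores) and that credentials which may have been logged be rotated. Separately, "All Nova setups are affected" is broader than the `affected-products` ranges, which start at 13.0.0; it would help to state whether earlier releases are unaffected or just no longer supported.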
