OSSA-2017-002 (CVE-2017-7214)

Nova logs sensitive context from notification exceptions

Change-Id: Iec1deae6bbe7fc73045c2abf9b3d44bafa86acc0
Closes-Bug: #1673569
Jeremy Stanley 2017-03-22 14:23:58 +00:00
parent 0b074f5c16
commit c54ed705df
1 changed files with 38 additions and 0 deletions

ossa/OSSA-2017-002.yaml Normal file

@ -0,0 +1,38 @@
date: 2017-03-23
id: OSSA-2017-002
title: Nova logs sensitive context from notification exceptions
description: >
Matt Riedemann with Huawei reported a vulnerability in Nova. Legacy
notification exception contexts appearing in ERROR level logs may include
sensitive information such as account passwords and authorization tokens.
All Nova setups are affected.
affected-products:
- product: Nova
version: ">=13.0.0 <=13.1.3, >=14.0.0 <=14.0.4, >=15.0.0 <=15.0.1"
vulnerabilities:
- cve-id: CVE-2017-7214
reporters:
- name: Matt Riedemann
affiliation: Huawei
reported:
- CVE-2017-7214
issues:
links:
- https://launchpad.net/bugs/1673569
reviews:
pike:
- https://review.openstack.org/446948
ocata:
- https://review.openstack.org/447071
newton:
- https://review.openstack.org/447072
mitaka:
- https://review.openstack.org/447075
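
Review bot: The description's "All Nova setups are affected" reads ambiguously next to the affected-products version string ">=13.0.0 <=13.1.3, >=14.0.0 <=14.0.4, >=15.0.0 <=15.0.1": someone on a release older than 13.0.0 cannot tell whether they are unaffected or simply outside the ranges that were assessed. Suggest wording it so the scope is explicit, for example that every configuration of the listed versions is affected, or adding a notes entry covering older releases. The description also says ERROR level logs may include account passwords and authorization tokens but gives operators no guidance about logs written before the fix is applied; a short notes field saying how existing log files and any copies forwarded to log aggregation should be treated would make the advisory actionable. Finally, the reviews section lists pike, ocata, newton and mitaka, but nothing states which point releases will carry the fix, which is what most readers will look for alongside the upper bounds in the version string.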