OSSA-2017-002 (CVE-2017-7214)
Nova logs sensitive context from notification exceptions Change-Id: Iec1deae6bbe7fc73045c2abf9b3d44bafa86acc0 Closes-Bug: #1673569
This commit is contained in:
parent
0b074f5c16
commit
c54ed705df
|
@ -0,0 +1,38 @@
|
|||
date: 2017-03-23
|
||||
|
||||
id: OSSA-2017-002
|
||||
|
||||
title: Nova logs sensitive context from notification exceptions
|
||||
|
||||
description: >
|
||||
Matt Riedemann with Huawei reported a vulnerability in Nova. Legacy
|
||||
notification exception contexts appearing in ERROR level logs may include
|
||||
sensitive information such as account passwords and authorization tokens.
|
||||
All Nova setups are affected.
|
||||
|
||||
affected-products:
|
||||
- product: Nova
|
||||
version: ">=13.0.0 <=13.1.3, >=14.0.0 <=14.0.4, >=15.0.0 <=15.0.1"
|
||||
|
||||
vulnerabilities:
|
||||
- cve-id: CVE-2017-7214
|
||||
|
||||
reporters:
|
||||
- name: Matt Riedemann
|
||||
affiliation: Huawei
|
||||
reported:
|
||||
- CVE-2017-7214
|
||||
|
||||
issues:
|
||||
links:
|
||||
- https://launchpad.net/bugs/1673569
|
||||
|
||||
reviews:
|
||||
pike:
|
||||
- https://review.openstack.org/446948
|
||||
ocata:
|
||||
- https://review.openstack.org/447071
|
||||
newton:
|
||||
- https://review.openstack.org/447072
|
||||
mitaka:
|
||||
- https://review.openstack.org/447075
|
Loading…
Reference in New Issue