39 lines
899 B
YAML
39 lines
899 B
YAML
date: 2017-03-23
|
|
|
|
id: OSSA-2017-002
|
|
|
|
title: Nova logs sensitive context from notification exceptions
|
|
|
|
description: >
|
|
Matt Riedemann with Huawei reported a vulnerability in Nova. Legacy
|
|
notification exception contexts appearing in ERROR level logs may include
|
|
sensitive information such as account passwords and authorization tokens.
|
|
All Nova setups are affected.
|
|
|
|
affected-products:
|
|
- product: Nova
|
|
version: ">=13.0.0 <=13.1.3, >=14.0.0 <=14.0.4, >=15.0.0 <=15.0.1"
|
|
|
|
vulnerabilities:
|
|
- cve-id: CVE-2017-7214
|
|
|
|
reporters:
|
|
- name: Matt Riedemann
|
|
affiliation: Huawei
|
|
reported:
|
|
- CVE-2017-7214
|
|
|
|
issues:
|
|
links:
|
|
- https://launchpad.net/bugs/1673569
|
|
|
|
reviews:
|
|
pike:
|
|
- https://review.openstack.org/446948
|
|
ocata:
|
|
- https://review.openstack.org/447071
|
|
newton:
|
|
- https://review.openstack.org/447072
|
|
mitaka:
|
|
- https://review.openstack.org/447075
|