CVE-2014-7231

OpenStack <2013.2.4 & <2014.1.3 - Info Disclosure

Title source: llm

Description

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

References (5)

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-1939.html

[Mailing List, Third Party Advisory] http://seclists.org/oss-sec/2014/q3/853

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/70184

[Exploit, Third Party Advisory] https://bugs.launchpad.net/oslo.utils/+bug/1345233

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/96726

Scores

EPSS 0.0016

EPSS Percentile 36.3%

Classification

CWE

CWE-200

Status draft

Affected Products (5)

openstack/cinder < 2013.2.4

openstack/nova < 2013.2.4

openstack/trove < 2013.2.4

redhat/openstack

pypi/oslo.utils < 0.2.0PyPI

Timeline

Published Oct 08, 2014

Tracked Since Feb 18, 2026