Description
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1595
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96998
Patch, Third Party Advisory x_refsource_confirm
https://launchpad.net/bugs/1673569
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1508
Scores
CVSS v3
9.8
EPSS
0.0130
EPSS Percentile
79.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-532
Status
published
Products (13)
openstack/nova
13.0.0
openstack/nova
13.1.0
openstack/nova
13.1.1
openstack/nova
13.1.2
openstack/nova
13.1.3
openstack/nova
14.0.0
openstack/nova
14.0.1
openstack/nova
14.0.2
openstack/nova
14.0.3
openstack/nova
14.0.4
... and 3 more
Published
Mar 21, 2017
Tracked Since
Feb 18, 2026