Description
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
References (8)
Core 8
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://launchpad.net/bugs/1837877
Patch, Vendor Advisory x_refsource_confirm
https://security.openstack.org/ossa/OSSA-2019-003.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/08/06/6
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4104-1/
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2631
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2622
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2652
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html
Scores
CVSS v3
6.5
EPSS
0.0133
EPSS Percentile
80.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-209
Status
published
Products (9)
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
19.04
debian/debian_linux
10.0
openstack/nova
< 17.0.12
pypi/nova
0 - 17.0.12PyPI
redhat/openstack
10
redhat/openstack
13
redhat/openstack
14
Published
Aug 09, 2019
Tracked Since
Feb 18, 2026