CVE-2019-14433

MEDIUM

OpenStack Nova <17.0.12-19.0.2 - Info Disclosure

Title source: llm

Description

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.

References (8)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/08/06/6

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2622

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2631

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2652

[Issue Tracking, Patch, Third Party Advisory] https://launchpad.net/bugs/1837877

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html

[Patch, Vendor Advisory] https://security.openstack.org/ossa/OSSA-2019-003.html

[Third Party Advisory] https://usn.ubuntu.com/4104-1/

Scores

CVSS v3 6.5

EPSS 0.0133

EPSS Percentile 79.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-209

Status published

Affected Products (9)

openstack/nova < 17.0.12

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

redhat/openstack

redhat/openstack

redhat/openstack

debian/debian_linux

pypi/nova < 17.0.12PyPI

Timeline

Published Aug 09, 2019

Tracked Since Feb 18, 2026