Openstack · Python-Oslo-Middleware · CVE-2017-2592
Name of the Vulnerable Software and Affected Versions:
python-oslo-middleware versions prior to 3.8.1, 3.19.1, 3.23.1
Description:
The issue allows system users to obtain sensitive information from OpenStack component error logs, such as keystone tokens, by exploiting a flaw in the CatchError class. This class could include sensitive values in a traceback's error message, leading to an information disclosure.
Recommendations:
For versions prior to 3.8.1, update to version 3.8.1 or later.
For versions prior to 3.19.1, update to version 3.19.1 or later.
For versions prior to 3.23.1, update to version 3.23.1 or later.