PT-2014-7847 · Openstack · Nova+3
Amrith
+1
Published: 2014-10-08
Updated: 2022-05-14
CVE-2014-7231
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenStack Oslo utility library versions prior to 2013.2.4
OpenStack Oslo utility library versions prior to 2014.1.3
Cinder versions prior to 2013.2.4
Cinder versions prior to 2014.1.3
Nova versions prior to 2013.2.4
Nova versions prior to 2014.1.3
Trove versions prior to 2013.2.4
Trove versions prior to 2014.1.3
Description
The issue is related to the strutils.mask_password function, which does not properly mask passwords when logging commands. This allows local users to obtain passwords by reading the log.
Recommendations
For OpenStack Oslo utility library versions prior to 2013.2.4, update to version 2013.2.4 or later.
For OpenStack Oslo utility library versions prior to 2014.1.3, update to version 2014.1.3 or later.
For Cinder versions prior to 2013.2.4, update to version 2013.2.4 or later.
For Cinder versions prior to 2014.1.3, update to version 2014.1.3 or later.
For Nova versions prior to 2013.2.4, update to version 2013.2.4 or later.
For Nova versions prior to 2014.1.3, update to version 2014.1.3 or later.
For Trove versions prior to 2013.2.4, update to version 2013.2.4 or later.
For Trove versions prior to 2014.1.3, update to version 2014.1.3 or later.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related identifiers
Affected products
Cinder
Nova
Openstack Oslo Utility Library
Trove