PT-2019-13694 · Openstack+1 · Openstack Nova+1

Donny Davis

Publicado

2019-08-06

Atualizado

2022-10-27

CVE-2019-14433

CVSS v4.0

7.1

Alta

Vetor

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions OpenStack Nova versions prior to 17.0.12 OpenStack Nova versions 18.x prior to 18.2.2 OpenStack Nova versions 19.x prior to 19.0.2

Description An issue in OpenStack Nova may leak details of the underlying environment in the response to an API request from an authenticated user if the request ends in a fault condition due to an external exception. This could include sensitive configuration or other data.

Recommendations For OpenStack Nova versions prior to 17.0.12, update to version 17.0.12 or later. For OpenStack Nova versions 18.x prior to 18.2.2, update to version 18.2.2 or later. For OpenStack Nova versions 19.x prior to 19.0.2, update to version 19.0.2 or later.

Correção

Information Disclosure

Generation of Error Message Containing Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-209

Identificadores relacionados

CVE-2019-14433

DLA-3109-1

GHSA-PG64-R7RR-PHV8

PYSEC-2019-191

RHSA-2019:2622

RHSA-2019:2631

RHSA-2019:2652

USN-4104-1

Produtos afetados

Openstack Nova

Ubuntu

PT-2019-13694 · Openstack+1 · Openstack Nova+1

CVE-2019-14433

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 25