PT-2019-16740 · Openstack · Openstack Ceilometer

Published: 2019-03-26 · Updated: 2022-05-13 · CVE-2019-3830

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: OpenStack Ceilometer versions prior to 12.0.0.0rc1

Description: A vulnerability was found in ceilometer that results in an Information Exposure. The ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.

Recommendations: For versions prior to 12.0.0.0rc1, update to version 12.0.0.0rc1 or later to resolve the issue. As a temporary workaround, consider configuring the logging settings to prevent sensitive data from being printed to log files. Restrict access to log files to minimize the risk of exploitation.

Fix

Insertion into Log File

Weakness Enumeration

Related identifiers

CVE-2019-3830
GHSA-2CVF-R9JM-4QM9
PYSEC-2019-78
PYSEC-2019-8
RHSA-2019:0566
RHSA-2019:0580
RHSA-2019:0919

Affected products

Openstack Ceilometer