PT-2019-9378 · Openstack · Openstack Octavia

Sam Fowler

Publicado

2019-03-26

Atualizado

2022-05-13

CVE-2018-16856

CVSS v4.0

8.7

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions openstack-octavia versions prior to 2.0.2-5 openstack-octavia versions prior to 3.0.1-0.20181009115732

Description The issue allows for information exposure due to log files being readable by all users. Sensitive information, such as private keys, can appear in these log files.

Recommendations For versions prior to 2.0.2-5, update to version 2.0.2-5 or later to resolve the issue. For versions prior to 3.0.1-0.20181009115732, update to version 3.0.1-0.20181009115732 or later to resolve the issue.

Correção

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532

Identificadores relacionados

CVE-2018-16856

GHSA-QCJ3-H27M-MP9X

PYSEC-2019-193

RHSA-2019:0567

RHSA-2019:0593

Produtos afetados

Openstack Octavia

PT-2019-9378 · Openstack · Openstack Octavia

CVE-2018-16856

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13