PT-2014-7847 · Openstack · Nova+3

Amrith +1 · Published 2014-10-08 · Updated 2022-05-14 · CVE-2014-7231

CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenStack Oslo utility library versions prior to 2013.2.4
OpenStack Oslo utility library versions prior to 2014.1.3
Cinder versions prior to 2013.2.4
Cinder versions prior to 2014.1.3
Nova versions prior to 2013.2.4
Nova versions prior to 2014.1.3
Trove versions prior to 2013.2.4
Trove versions prior to 2014.1.3

Description

The issue is related to the strutils.mask_password function, which does not properly mask passwords when logging commands. This allows local users to obtain passwords by reading the log.

Recommendations

For OpenStack Oslo utility library versions prior to 2013.2.4, update to version 2013.2.4 or later.
For OpenStack Oslo utility library versions prior to 2014.1.3, update to version 2014.1.3 or later.
For Cinder versions prior to 2013.2.4, update to version 2013.2.4 or later.
For Cinder versions prior to 2014.1.3, update to version 2014.1.3 or later.
For Nova versions prior to 2013.2.4, update to version 2013.2.4 or later.
For Nova versions prior to 2014.1.3, update to version 2014.1.3 or later.
For Trove versions prior to 2013.2.4, update to version 2013.2.4 or later.
For Trove versions prior to 2014.1.3, update to version 2014.1.3 or later.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2014-7231
GHSA-V933-VX5P-J7W2
RHSA-2014:1781
RHSA-2014:1782
RHSA-2014:1787
RHSA-2014:1788
RHSA-2014:1939
SUSE-SU-2015:0324-1

Affected Products

Cinder
Nova
Openstack Oslo Utility Library
Trove