PT-2019-13694 · Openstack+1 · Openstack Nova+1
Donny Davis
·
Published
2019-08-06
·
Updated
2022-10-27
·
CVE-2019-14433
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Nova versions prior to 17.0.12
OpenStack Nova versions 18.x prior to 18.2.2
OpenStack Nova versions 19.x prior to 19.0.2
Description
An issue in OpenStack Nova may leak details of the underlying environment in the response to an API request from an authenticated user if the request ends in a fault condition due to an external exception. This could include sensitive configuration or other data.
Recommendations
For OpenStack Nova versions prior to 17.0.12, update to version 17.0.12 or later.
For OpenStack Nova versions 18.x prior to 18.2.2, update to version 18.2.2 or later.
For OpenStack Nova versions 19.x prior to 19.0.2, update to version 19.0.2 or later.
Fix
Information Disclosure
Generation of Error Message Containing Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openstack Nova
Ubuntu