PT-2019-16740 · Openstack · Openstack Ceilometer

Published 2019-03-26 · Updated 2022-05-13 · CVE-2019-3830

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenStack Ceilometer versions prior to 12.0.0.0rc1

Description

A vulnerability was found in ceilometer that results in an Information Exposure. The ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.

Recommendations

For versions prior to 12.0.0.0rc1, update to version 12.0.0.0rc1 or later to resolve the issue. As a temporary workaround, consider configuring the logging settings to prevent sensitive data from being printed to log files. Restrict access to log files to minimize the risk of exploitation.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2019-3830
GHSA-2CVF-R9JM-4QM9
PYSEC-2019-78
PYSEC-2019-8
RHSA-2019:0566
RHSA-2019:0580
RHSA-2019:0919

Affected Products

Openstack Ceilometer