PT-2019-9378 · Openstack · Openstack Octavia

Sam Fowler · Published 2019-03-26 · Updated 2022-05-13 · CVE-2018-16856

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

openstack-octavia versions prior to 2.0.2-5
openstack-octavia versions prior to 3.0.1-0.20181009115732

Description

The issue allows for information exposure due to log files being readable by all users. Sensitive information, such as private keys, can appear in these log files.

Recommendations

For versions prior to 2.0.2-5, update to version 2.0.2-5 or later to resolve the issue.
For versions prior to 3.0.1-0.20181009115732, update to version 3.0.1-0.20181009115732 or later to resolve the issue.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2018-16856
GHSA-QCJ3-H27M-MP9X
PYSEC-2019-193
RHSA-2019:0567
RHSA-2019:0593

Affected Products

Openstack Octavia