CVE-2017-7214
Summary
| CVE | CVE-2017-7214 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-03-21 18:59:00 UTC |
| Updated | 2018-01-05 02:31:00 UTC |
| Description | An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. |
Risk And Classification
Problem Types: CWE-532
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Openstack | Nova | 13.0.0 | All | All | All |
| Application | Openstack | Nova | 13.1.0 | All | All | All |
| Application | Openstack | Nova | 13.1.1 | All | All | All |
| Application | Openstack | Nova | 13.1.2 | All | All | All |
| Application | Openstack | Nova | 13.1.3 | All | All | All |
| Application | Openstack | Nova | 14.0.0 | All | All | All |
| Application | Openstack | Nova | 14.0.1 | All | All | All |
| Application | Openstack | Nova | 14.0.2 | All | All | All |
| Application | Openstack | Nova | 14.0.3 | All | All | All |
| Application | Openstack | Nova | 14.0.4 | All | All | All |
| Application | Openstack | Nova | 15.0.0 | All | All | All |
| Application | Openstack | Nova | 15.0.1 | All | All | All |
| Application | Openstack | Nova | 13.0.0 | All | All | All |
| Application | Openstack | Nova | 13.1.0 | All | All | All |
| Application | Openstack | Nova | 13.1.1 | All | All | All |
| Application | Openstack | Nova | 13.1.2 | All | All | All |
| Application | Openstack | Nova | 13.1.3 | All | All | All |
| Application | Openstack | Nova | 14.0.0 | All | All | All |
| Application | Openstack | Nova | 14.0.1 | All | All | All |
| Application | Openstack | Nova | 14.0.2 | All | All | All |
| Application | Openstack | Nova | 14.0.3 | All | All | All |
| Application | Openstack | Nova | 14.0.4 | All | All | All |
| Application | Openstack | Nova | 15.0.0 | All | All | All |
| Application | Openstack | Nova | 15.0.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Bug #1673569 “[OSSA-2017-002] Failed notification payload is dum...” : Bugs : OpenStack Compute (nova) | CONFIRM | launchpad.net | Patch, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| OpenStack Nova CVE-2017-7214 Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.