CVE-2017-2592 Information

Feb 14, 2021 cve

Description

python-oslo-middleware before versions 3.8.1 3.19.1 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback’s error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example keystone tokens).

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html http://rhn.redhat.com/errata/RHSA-2017-0300.html http://rhn.redhat.com/errata/RHSA-2017-0435.html http://www.securityfocus.com/bid/95827 https://access.redhat.com/errata/RHSA-2017:0300 https://access.redhat.com/errata/RHSA-2017:0435 https://bugs.launchpad.net/keystonemiddleware/+bug/1628031 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592 https://review.openstack.org//c/425730/ https://review.openstack.org//c/425732/ https://review.openstack.org//c/425734/ https://usn.ubuntu.com/3666-1/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5

Share on: