CVE-2017-7214
CRITICAL9.8EPSS 1.3%OpenStack Nova logs sensitive context from notification exceptions
發布日:2022/5/14修改日:2026/4/28
描述
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
受影響套件(2)
- Debian/novafrom 0, < 2:14.0.0-4
- PyPI/nova>= 13.0.0, < 13.1.4
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
參考連結(11)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-7214
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-7214
- PATCHhttps://github.com/openstack/nova
- WEBhttps://access.redhat.com/errata/RHSA-2017:1508
- WEBhttps://access.redhat.com/errata/RHSA-2017:1595
- WEBhttps://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a
- WEBhttps://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c
- WEBhttps://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a
- WEBhttps://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598
- WEBhttps://launchpad.net/bugs/1673569
- WEBhttp://www.securityfocus.com/bid/96998