Local User Password Exposure in OpenStack Products by Vendor
CVE-2014-7230

Currently unrated

Key Information:

Vendor
Openstack
Vendor
CVE Published:
8 October 2014

Summary

The processutils.execute function in OpenStack's oslo-incubator allows local users to extract sensitive passwords from logs when a ProcessExecutionError occurs within the affected versions of Cinder, Nova, and Trove. This flaw poses a security risk as unauthorized users could exploit this vulnerability to gain access to confidential information, impacting the overall integrity of the system.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.