Local User Password Exposure in OpenStack Products by Vendor
CVE-2014-7230

Currently unrated

Key Information:

Vendor: Openstack
Status: Nova; Cinder; Trove
Vendor: CVE Published:; 8 October 2014

Summary

The processutils.execute function in OpenStack's oslo-incubator allows local users to extract sensitive passwords from logs when a ProcessExecutionError occurs within the affected versions of Cinder, Nova, and Trove. This flaw poses a security risk as unauthorized users could exploit this vulnerability to gain access to confidential information, impacting the overall integrity of the system.

References

http://seclists.org/oss-sec/2014/q3/853

mailing-listx_refsource_MLIST

https://exchange.xforce.ibmcloud.com/vulnerabilities/96725

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/70185

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 8, 2014
Vulnerability Reserved
Sep 29, 2014