Information Disclosure Vulnerability in OpenStack Nova by OpenStack Foundation
CVE-2017-7214

9.8CRITICAL

Key Information:

Vendor
Openstack
Status
Nova
Vendor
CVE Published:
21 March 2017

Summary

An issue found in the exception_wrapper.py file of OpenStack Nova may expose sensitive information such as account passwords and authorization tokens in ERROR level logs. This vulnerability affects versions 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1, allowing unauthorized access to critical security details, which can lead to further exploitation if not addressed.

References

https://access.redhat.com/errata/RHSA-2017:1595
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/96998
vdb-entryx_refsource_BID
https://launchpad.net/bugs/1673569
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.