Rhosp-director: cleartext passwords exposed in logs
CVE-2024-4840
5.5MEDIUM
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Openstack Platform 16.2
- Red Hat Openstack Platform 17.1
- Vendor
- CVE Published:
- 14 May 2024
Summary
An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 5.5 - (MEDIUM)
Vulnerability published.
Reported to Red Hat.
Collectors
NVD DatabaseMitre Database