CVE-2014-7230
published 2014-10-08CVE-2014-7230: The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain…
low2.1CVSS 3.1
AVLACLAuNCPINAN
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | cinder | < cinder 2014.1.3-4 (bookworm) | cinder 2014.1.3-4 (bookworm) |
| debian | nova | < cinder 2014.1.3-4 (bookworm) | cinder 2014.1.3-4 (bookworm) |
| debian | openstack-trove | < cinder 2014.1.3-4 (bookworm) | cinder 2014.1.3-4 (bookworm) |
| openstack | cinder | >= 0 < 2014.1.3-4 | 2014.1.3-4 |
| openstack | cinder | >= 0 < 2014.1.3-4 | 2014.1.3-4 |
| openstack | cinder | >= 0 < 2014.1.3-4 | 2014.1.3-4 |
| openstack | cinder | >= 0 < 2014.1.3-4 | 2014.1.3-4 |
| openstack | cinder | >= 0 < 1:2014.1.3-0ubuntu1.1 | 1:2014.1.3-0ubuntu1.1 |
| openstack | cinder | >= 2013.2 < 2013.2.4 | 2013.2.4 |
| openstack | cinder | >= 2014.1 < 2014.1.3 | 2014.1.3 |
| openstack | nova | >= 0 < 2014.1.3-5 | 2014.1.3-5 |
| openstack | nova | >= 0 < 2014.1.3-5 | 2014.1.3-5 |
| openstack | nova | >= 0 < 2014.1.3-5 | 2014.1.3-5 |
| openstack | nova | >= 0 < 2014.1.3-5 | 2014.1.3-5 |
| openstack | nova | >= 0 < 1:2014.1.3-0ubuntu1.1 | 1:2014.1.3-0ubuntu1.1 |
| openstack | nova | >= 2013.2 < 2013.2.4 | 2013.2.4 |
| openstack | nova | >= 2014.1 < 2014.1.3 | 2014.1.3 |
| openstack | trove | >= 2013.2 < 2013.2.4 | 2013.2.4 |
| openstack | trove | >= 2014.1 < 2014.1.3 | 2014.1.3 |
| redhat | openstack | — | — |
CVSS provenance
nvd2.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
osv4.0MEDIUM