CVE-2014-7230

CWE-200 — Information Exposure CWE-184 CWE-532 — Log File Information Exposure CWE-522 — Insufficiently Protected Credentials13 documents8 sources

Severity

2.1LOW

EPSS

0.1%

top 68.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Cinder Openstack Nova Openstack Trove +2 more

Timeline

PublishedOct 8

Latest updateMay 14

Description

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages7 packages

▶NVDopenstack/nova2013.2 — 2013.2.4+1

▶NVDopenstack/trove2013.2 — 2013.2.4+1

▶NVDopenstack/cinder2013.2 — 2013.2.4+1

▶Debianopenstack-trove< 2014.1.3-1+2

▶Debiannova< 2014.1.3-5+3

Also affects: Ubuntu Linux 14.04

🔴Vulnerability Details

GHSA

GHSA-58w7-wcrr-7289: The processutils↗2022-05-14

▶

OSV

cinder vulnerabilities↗2014-11-11

▶

OSV

nova vulnerabilities↗2014-11-11

▶

CVEList

CVE-2014-7230: The processutils↗2014-10-08

▶

OSV

CVE-2014-7230: The processutils↗2014-10-08

▶

📋Vendor Advisories

Ubuntu

OpenStack Cinder vulnerabilities↗2014-11-11

▶

Ubuntu

OpenStack Nova vulnerabilities↗2014-11-11

▶

Red Hat

Trove: potential leak of passwords into log files↗2014-07-22

▶

Debian

CVE-2014-7230: cinder - The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and...↗2014

▶

💬Community

Bugzilla

CVE-2014-7230 CVE-2014-7231 openstack-nova: OpenStack Cinder, Nova, Trove: potential leak of passwords into log files [fedora-all]↗2014-10-09

▶

Bugzilla

CVE-2014-7230 CVE-2014-7231 openstack-cinder: OpenStack Cinder, Nova, Trove: potential leak of passwords into log files [fedora-all]↗2014-10-09

▶

Bugzilla

CVE-2014-7230 CVE-2014-7231 OpenStack Cinder, Nova, Trove: potential leak of passwords into log files↗2014-09-30

▶