CVE-2014-7231

CWE-200 — Information Exposure CWE-184 CWE-532 — Log File Information Exposure CWE-522 — Insufficiently Protected Credentials10 documents7 sources

Severity

2.1LOW

EPSS

0.2%

top 63.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Cinder Openstack Nova Openstack Trove +1 more

Timeline

PublishedOct 8

Latest updateMay 14

Description

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages7 packages

▶NVDopenstack/nova2013.2 — 2013.2.4+1

▶NVDopenstack/trove2013.2 — 2013.2.4+1

▶NVDopenstack/cinder2013.2 — 2013.2.4+1

▶PyPIoslo-utils< 0.2.0

▶PyPIoslo.utils< 0.2.0

🔴Vulnerability Details

GHSA

OpenStack Oslo utility sensitive information exposure via log files↗2022-05-14

▶

OSV

OpenStack Oslo utility sensitive information exposure via log files↗2022-05-14

▶

OSV

CVE-2014-7231: The strutils↗2014-10-08

▶

CVEList

CVE-2014-7231: The strutils↗2014-10-08

▶

📋Vendor Advisories

Red Hat

Trove: potential leak of passwords into log files↗2014-07-22

▶

Debian

CVE-2014-7231: python-oslo.utils - The strutils.mask_password function in the OpenStack Oslo utility library, Cinde...↗2014

▶

💬Community

Bugzilla

CVE-2014-7230 CVE-2014-7231 openstack-nova: OpenStack Cinder, Nova, Trove: potential leak of passwords into log files [fedora-all]↗2014-10-09

▶

Bugzilla

CVE-2014-7230 CVE-2014-7231 openstack-cinder: OpenStack Cinder, Nova, Trove: potential leak of passwords into log files [fedora-all]↗2014-10-09

▶

Bugzilla

CVE-2014-7230 CVE-2014-7231 OpenStack Cinder, Nova, Trove: potential leak of passwords into log files↗2014-09-30

▶