CVE-2017-2592 — Log File Information Exposure in Oslo.middleware

CWE-532 — Log File Information Exposure11 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 74.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Oslo.middleware Debian Python-oslo.middleware Canonical Ubuntu Linux

Timeline

PublishedMay 8

Latest updateJul 13

Description

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶PyPIopenstack/oslo.middleware3.9.0 — 3.19.1+2

▶debiandebian/python-oslo.middleware< python-oslo.middleware 3.19.0-3 (bookworm)

▶NVDopenstack/oslo.middleware3.9.0 — 3.19.0+2

Also affects: Ubuntu Linux 16.04

Patches

Patch: lists.openstack.org ↗Patch: bugs.launchpad.net ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

oslo.middleware Information Disclosure vulnerability↗2018-07-13

▶

OSV

oslo.middleware Information Disclosure vulnerability↗2018-07-13

▶

OSV

CVE-2017-2592: python-oslo-middleware before versions 3↗2018-05-08

▶

📋Vendor Advisories

Ubuntu

Oslo middleware vulnerability↗2018-05-31

▶

Red Hat

python-oslo-middleware: CatchErrors leaks sensitive values into error logs↗2017-01-26

▶

Debian

CVE-2017-2592: python-oslo.middleware - python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an...↗2017

▶

💬Community

Bugzilla

CVE-2017-2592 python-oslo-middleware: CatchErrors leaks sensitive values into error logs [fedora-all]↗2017-01-30

▶

Bugzilla

CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592)↗2017-01-30

▶

Bugzilla

CVE-2017-2592 python-oslo-middleware: CatchErrors leaks sensitive values into error logs [openstack-rdo]↗2017-01-30

▶

Bugzilla

CVE-2017-2592 python-oslo-middleware: CatchErrors leaks sensitive values into error logs↗2017-01-19

▶