CVE-2017-7214

CWE-532Log File Information ExposureCWE-200Information Exposure9 documents7 sources
Severity
9.8CRITICAL
EPSS
1.3%
top 20.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Nova
Timeline
PublishedMar 21
Latest updateMay 14

Description

An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDopenstack/nova12 versions+11
PyPInova13.0.013.1.4+2
Debiannova< 2:14.0.0-4+3

Patches

Patch: launchpad.netPatch: launchpad.net

🔴Vulnerability Details

4
GHSA
OpenStack Nova logs sensitive context from notification exceptions2022-05-14
OSV
OpenStack Nova logs sensitive context from notification exceptions2022-05-14
OSV
CVE-2017-7214: An issue was discovered in exception_wrapper2017-03-21
CVEList
CVE-2017-7214: An issue was discovered in exception_wrapper2017-03-21

📋Vendor Advisories

2
Red Hat
openstack-nova: Sensitive information included in legacy notification exception contexts2017-03-21
Debian
CVE-2017-7214: nova - An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 1...2017

💬Community

2
Bugzilla
CVE-2017-7214 openstack-nova: Sensitive information included in legacy notification exception contexts [openstack-rdo]2017-03-29
Bugzilla
CVE-2017-7214 openstack-nova: Sensitive information included in legacy notification exception contexts2017-03-22
CVE-2017-7214 (CRITICAL CVSS 9.8) | An issue was discovered in exceptio | cvebase.io