CVE-2018-16856Log File Information Exposure in Octavia

CWE-532Log File Information Exposure10 documents7 sources
Severity
7.5HIGHNVD
CNA5.5
EPSS
0.3%
top 49.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Openstack OctaviaRedhat Openstack
Timeline
PublishedMar 26
Latest updateMay 13

Description

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDopenstack/octavia2.0.02.0.2-5+1
PyPIopenstack/octavia3.0.03.0.2+3
NVDredhat/openstack12, 13, 14+2

🔴Vulnerability Details

4
GHSA
Openstack Octavia allows Insertion of Sensitive Information into Log File2022-05-13
OSV
Openstack Octavia allows Insertion of Sensitive Information into Log File2022-05-13
OSV
CVE-2018-16856: In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 22019-03-26
CVEList
CVE-2018-16856: In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 22019-03-26

📋Vendor Advisories

2
Red Hat
openstack-octavia: Private keys written to world-readable log files2018-09-26
Debian
CVE-2018-16856: octavia - In a default Red Hat Openstack Platform Director installation, openstack-octavia...2018

💬Community

3
Bugzilla
CVE-2018-16856 openstack-octavia: Private keys written to world-readable log files2018-11-13
Bugzilla
CVE-2018-16856 openstack-octavia: Private keys written to world-readable log files [openstack-rdo]2018-11-13
Bugzilla
CVE-2018-16856 openstack-octavia: Private keys written to world-readable log files [openstack-14-default]2018-09-26
CVE-2018-16856 — Log File Information Exposure | cvebase