CVE-2019-14433

CWE-209CWE-200Information Exposure10 documents8 sources
Severity
6.5MEDIUM
EPSS
1.3%
top 20.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Openstack NovaCanonical Ubuntu LinuxDebian Debian Linux+1 more
Timeline
PublishedAug 9
Latest updateMay 24

Description

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDopenstack/nova18.0.018.2.2+2
PyPInova18.0.018.2.2+2
Debiannova< 2:19.0.2-1+3
NVDredhat/openstack10, 13, 14+2

Also affects: Debian Linux 10.0, Ubuntu Linux 16.04, 18.04, 19.04

Patches

Patch: launchpad.netPatch: security.openstack.orgPatch: launchpad.net

🔴Vulnerability Details

4
GHSA
OpenStack Nova Server Resource Faults Leak External Exception Details2022-05-24
OSV
OpenStack Nova Server Resource Faults Leak External Exception Details2022-05-24
OSV
CVE-2019-14433: An issue was discovered in OpenStack Nova before 172019-08-09
CVEList
CVE-2019-14433: An issue was discovered in OpenStack Nova before 172019-08-09

📋Vendor Advisories

3
Ubuntu
Nova vulnerability2019-08-19
Red Hat
openstack-nova: Nova server resource faults leak external exception details2019-08-06
Debian
CVE-2019-14433: nova - An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, an...2019

💬Community

2
Bugzilla
CVE-2019-14433 openstack-nova: Nova server resource faults leak external exception details [openstack-rdo]2019-08-06
Bugzilla
CVE-2019-14433 openstack-nova: Nova server resource faults leak external exception details2019-08-01
CVE-2019-14433 (MEDIUM CVSS 6.5) | An issue was discovered in OpenStac | cvebase.io