CVE-2019-3830 — Log File Information Exposure in Ceilometer

CWE-532 — Log File Information Exposure9 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 69.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Ceilometer Redhat Openstack

Timeline

PublishedMar 26

Latest updateMay 13

Description

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶PyPIopenstack/ceilometer< 12.0.0.0rc1

▶Debianopenstack/ceilometer< 1:11.0.1-5+3

▶NVDopenstack/ceilometer2013.1 — 2015.1.4+1

▶NVDredhat/openstack10

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

Ceilometer Prints Sensitive Configuration Data to Log↗2022-05-13

▶

GHSA

Ceilometer Prints Sensitive Configuration Data to Log↗2022-05-13

▶

OSV

CVE-2019-3830: A vulnerability was found in ceilometer before version 12↗2019-03-26

▶

CVEList

CVE-2019-3830: A vulnerability was found in ceilometer before version 12↗2019-03-26

▶

📋Vendor Advisories

Red Hat

openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files↗2019-01-09

▶

Debian

CVE-2019-3830: ceilometer - A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Informati...↗2019

▶

💬Community

Bugzilla

CVE-2019-3830 openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files [openstack-rdo]↗2019-03-19

▶

Bugzilla

CVE-2019-3830 openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files↗2019-02-14

▶