CVE-2022-0718

CWE-522 — Insufficiently Protected Credentials CWE-532 — Log File Information Exposure9 documents7 sources

Severity

4.9MEDIUM

EPSS

0.3%

top 42.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Oslo.utils Openstack Python-oslo.utils Debian Debian Linux +2 more

Timeline

PublishedAug 29

Description

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages5 packages

▶Debianpython-oslo.utils< 4.6.1-0+deb11u1+3

▶CVEListV5openstack/python-oslo.utilsAffects all versions, Fixed in 4.10.1, 4.12.1.

▶PyPIoslo-utils< 4.10.1

▶NVDopenstack/oslo.utils< 4.10.1+1

▶NVDredhat/openstack_platform16.1

Also affects: Debian Linux 10.0, 11.0, Openshift Container Platform 4.0

Patches

Patch: bugs.launchpad.net ↗Patch: bugzilla.redhat.com ↗Patch: opendev.org ↗

🔴Vulnerability Details

GHSA

python-oslo-utils has improper password parsing↗2022-08-29

▶

CVEList

CVE-2022-0718: A flaw was found in python-oslo-utils↗2022-08-29

▶

OSV

python-oslo-utils has improper password parsing↗2022-08-29

▶

OSV

CVE-2022-0718: A flaw was found in python-oslo-utils↗2022-08-29

▶

OSV

libxmltok vulnerabilities↗2022-07-19

▶

📋Vendor Advisories

Ubuntu

oslo.utils vulnerability↗2022-04-07

▶

Red Hat

python-oslo-utils: incorrect password masking in debug output↗2022-02-21

▶

Debian

CVE-2022-0718: python-oslo.utils - A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a...↗2022

▶