Openstack Trove vulnerabilities

CVE-2015-3156 [MEDIUM] CWE-59 CVE-2015-3156: The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_conf The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBacku

CVE-2014-7231 [LOW] CWE-200 CVE-2014-7231: The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove b The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

CVE-2014-7230 [LOW] CWE-200 CVE-2014-7230: The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2 The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.