Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-2592

Опубликовано: 26 янв. 2017
Источник: redhat
CVSS3: 5.9

Описание

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).

An information-disclosure flaw was found in oslo.middleware. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)python-oslo-middlewareNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)python-oslo-middlewareNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)python-oslo-middlewareNot affected
Red Hat Gluster Storage 3.1python-oslo-middlewareNot affected
Red Hat OpenStack Platform 11 (Ocata)python-oslo-middlewareNot affected
Red Hat OpenStack Platform 8 (Liberty)python-oslo-middlewareNot affected
Red Hat OpenStack Platform 10.0 (Newton)python-oslo-middlewareFixedRHSA-2017:030022.02.2017
Red Hat OpenStack Platform 9.0 (Mitaka)python-oslo-middlewareFixedRHSA-2017:043502.03.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-532
https://bugzilla.redhat.com/show_bug.cgi?id=1414698python-oslo-middleware: CatchErrors leaks sensitive values into error logs

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-2592

CVSS3: 5.9
ubuntu
больше 7 лет назад

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).

nvd логотип

CVE-2017-2592

CVSS3: 5.9
nvd
больше 7 лет назад

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).

debian логотип

CVE-2017-2592

CVSS3: 5.9
debian
больше 7 лет назад

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulner ...

github логотип

GHSA-xcp8-hh74-f6mc

CVSS3: 5.5
github
больше 7 лет назад

oslo.middleware Information Disclosure vulnerability

5.9 Medium

CVSS3