Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-3830

Опубликовано: 09 янв. 2019
Источник: redhat
CVSS3: 4
EPSS Низкий

Описание

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.

A vulnerability was found in ceilometer where administrative credentials were permanently stored in the log. A user with access to the logs could obtain these credentials and escalate their privileges.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenStack Platform 15 (Stein)openstack-ceilometerNot affected
Red Hat OpenStack Platform 8 (Liberty)openstack-ceilometerNot affected
Red Hat OpenStack Platform 9 (Mitaka)openstack-ceilometerNot affected
Red Hat OpenStack Platform 10.0 (Newton)openstack-ceilometerFixedRHSA-2019:091930.04.2019
Red Hat OpenStack Platform 13.0 (Queens)openstack-ceilometerFixedRHSA-2019:056614.03.2019
Red Hat OpenStack Platform 14.0 (Rocky)openstack-ceilometerFixedRHSA-2019:058018.03.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-532
https://bugzilla.redhat.com/show_bug.cgi?id=1677389openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files

EPSS

Процентиль: 31%
0.00115
Низкий

4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-3830

CVSS3: 7.8
ubuntu
почти 7 лет назад

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.

nvd логотип

CVE-2019-3830

CVSS3: 7.8
nvd
почти 7 лет назад

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.

debian логотип

CVE-2019-3830

CVSS3: 7.8
debian
почти 7 лет назад

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An ...

github логотип

GHSA-2cvf-r9jm-4qm9

CVSS3: 4
github
больше 3 лет назад

Ceilometer Prints Sensitive Configuration Data to Log

EPSS

Процентиль: 31%
0.00115
Низкий

4 Medium

CVSS3