Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-3866

Опубликовано: 07 нояб. 2019
Источник: redhat
CVSS3: 5.9

Описание

An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.

An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.

Отчет

In Red Hat OpenStack Platform 10/13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP10/13 openstack-mistral package.

Меры по смягчению последствий

Plain text information can be masked by ensuring that all mistral log files are not world readable.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenStack Platform 10 (Newton)openstack-mistralWill not fix
Red Hat OpenStack Platform 13 (Queens)openstack-mistralWill not fix
Red Hat OpenStack Platform 14 (Rocky)openstack-mistralOut of support scope
Red Hat OpenStack Platform 15 (Stein)openstack-mistralOut of support scope
Red Hat OpenStack Platform 16.1openstack-mistralNot affected
Red Hat OpenStack Platform 16.0 (Train)openstack-mistralFixedRHEA-2020:028306.02.2020
Red Hat Quay 3quay/clair-rhel8FixedRHSA-2021:042004.02.2021
Red Hat Quay 3quay/quay-bridge-operator-bundleFixedRHSA-2021:042004.02.2021
Red Hat Quay 3quay/quay-bridge-operator-rhel8FixedRHSA-2021:042004.02.2021
Red Hat Quay 3quay/quay-builder-qemu-rhcos-rhel8FixedRHSA-2021:042004.02.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-732
https://bugzilla.redhat.com/show_bug.cgi?id=1768731openstack-mistral: information disclosure in mistral log

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-3866

CVSS3: 5.5
ubuntu
больше 5 лет назад

An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.

nvd логотип

CVE-2019-3866

CVSS3: 5.5
nvd
больше 5 лет назад

An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.

debian логотип

CVE-2019-3866

CVSS3: 5.5
debian
больше 5 лет назад

An information-exposure vulnerability was discovered where openstack-m ...

github логотип

GHSA-237x-6c63-mfj6

github
около 3 лет назад

An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.

fstec логотип

BDU:2020-02256

CVSS3: 5.9
fstec
почти 6 лет назад

Уязвимость компонента openstack-mistral платформа для построения облачных решений OpenStack Platform, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

5.9 Medium

CVSS3