Bug 1030406 - (CVE-2017-7214) VUL-1: CVE-2017-7214: openstack-nova: exception_wrapper.py in OpenStack Nova leaks sensitive information via logfiles
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low; Severity: Normal
Assigned To: Cloud Bugs
Security Team bot
https://smash.suse.de/issue/182104/
CVSSv2:SUSE:CVE-2017-7214:3.5:(AV:N/A...
Reported: 2017-03-22 06:46 UTC by Victor Pereira
Modified: 2017-08-04 09:11 UTC (History)
Found By: Security Response Team
Description Victor Pereira 2017-03-22 06:46:50 UTC
CVE-2017-7214

An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through
13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification
exception contexts appearing in ERROR level logs may include sensitive
information such as account passwords and authorization tokens.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7214
http://www.cvedetails.com/cve/CVE-2017-7214/
https://launchpad.net/bugs/1673569
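
The failure mode in the description above, shown as an added example (not Nova's code and not the upstream patch): a decorator that logs the call context when a function raises, with secret-looking entries masked before anything reaches the ERROR log. The names `log_masked_on_error`, `build_payload`, `mask_sensitive`, `SENSITIVE_KEYS` and the sample function are assumptions made for illustration.

```python
import functools
import inspect
import logging

LOG = logging.getLogger("exception_context_demo")

# Assumption: substrings that mark a key as secret; over-masking is the safe side.
SENSITIVE_KEYS = ("pass", "token", "secret", "auth")
MASK = "***"


def mask_sensitive(value):
    """Return a copy of value with secret-looking dict entries masked."""
    if isinstance(value, dict):
        return {
            k: MASK if any(s in str(k).lower() for s in SENSITIVE_KEYS)
            else mask_sensitive(v)
            for k, v in value.items()
        }
    if isinstance(value, (list, tuple)):
        return [mask_sensitive(v) for v in value]
    return value


def build_payload(func, args, kwargs):
    """Map call arguments to parameter names, then mask them."""
    bound = inspect.signature(func).bind(*args, **kwargs)
    return mask_sensitive(dict(bound.arguments))


def log_masked_on_error(func):
    """On exception, log only the masked call context, then re-raise."""
    @functools.wraps(func)
    def wrapped(*args, **kwargs):
        try:
            return func(*args, **kwargs)
        except Exception:
            LOG.error("%s failed, args=%s", func.__name__,
                      build_payload(func, args, kwargs))
            raise
    return wrapped


@log_masked_on_error
def set_admin_password(context, instance, new_pass):  # constructed sample
    raise RuntimeError("guest agent unreachable")
```

Key-based masking does not catch a secret passed under an innocuous parameter name or embedded inside a string value.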
Comment 2 Swamp Workflow Management 2017-05-30 16:14:37 UTC
SUSE-SU-2017:1443-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1024328,1030406,1032322
CVE References: CVE-2017-7214,CVE-2017-7400
Sources used:
SUSE OpenStack Cloud 7 (src):    openstack-ceilometer-7.0.4~a0~dev7-3.1, openstack-ceilometer-doc-7.0.4~a0~dev7-3.2, openstack-cinder-9.1.5~a0~dev1-3.1, openstack-cinder-doc-9.1.5~a0~dev1-3.1, openstack-dashboard-10.0.4~a0~dev2-3.1, openstack-glance-13.0.1~a0~dev6-3.1, openstack-glance-doc-13.0.1~a0~dev6-3.3, openstack-heat-7.0.4~a0~dev4-4.1, openstack-heat-doc-7.0.4~a0~dev4-4.2, openstack-keystone-10.0.2~a0~dev2-6.1, openstack-keystone-doc-10.0.2~a0~dev2-6.2, openstack-magnum-3.1.2~a0~dev22-13.1, openstack-magnum-doc-3.1.2~a0~dev22-13.1, openstack-manila-3.0.1~a0~dev27-3.1, openstack-manila-doc-3.0.1~a0~dev27-3.1, openstack-nova-14.0.6~a0~dev16-3.1, openstack-nova-doc-14.0.6~a0~dev16-3.3
Comment 3 Johannes Segitz 2017-08-04 09:11:56 UTC
fixed