CVE-2017-7214 – nova

Package

Manager: pip
Name: nova
Vulnerable Version: >=13.0.0 <13.1.4 || >=14.0.0 <14.0.5 || >=15.0.1 <15.0.2

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01297 pctl0.78929

Details

OpenStack Nova logs sensitive context from notification exceptions An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.

Metadata

Created: 2022-05-14T03:53:47Z
Modified: 2024-05-14T21:13:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f4g4-cj8f-3cr9/GHSA-f4g4-cj8f-3cr9.json
CWE IDs: ["CWE-532"]
Alternative ID: GHSA-f4g4-cj8f-3cr9
Finding: F200
Auto approve: 1