QwikSec

Security Database

CVE

CWE

Training

CVE-2017-2592

Published: May 8, 2018

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

5.9

MEDIUM

Description

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).

Vendor	Product	Versions
unspecified	python-oslo-middleware	affected `python-oslo-middleware 3.8.1` affected `python-oslo-middleware 3.19.1` affected `python-oslo-middleware 3.23.1`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

References

https://review.openstack.org/#/c/425732/

x_refsource_MISC

http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2017:0300

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

https://review.openstack.org/#/c/425730/

x_refsource_MISC

https://review.openstack.org/#/c/425734/

x_refsource_MISC

https://bugs.launchpad.net/keystonemiddleware/+bug/1628031

x_refsource_MISC

https://access.redhat.com/errata/RHSA-2017:0435

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.