{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-03-21T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2017:1595", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1595"}, {"name": "96998", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96998"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/bugs/1673569"}, {"name": "RHSA-2017:1508", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1508"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7214", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:1595", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1595"}, {"name": "96998", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96998"}, {"name": "https://launchpad.net/bugs/1673569", "refsource": "CONFIRM", "url": "https://launchpad.net/bugs/1673569"}, {"name": "RHSA-2017:1508", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1508"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:56:35.974Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:1595", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1595"}, {"name": "96998", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96998"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.net/bugs/1673569"}, {"name": "RHSA-2017:1508", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1508"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7214", "datePublished": "2017-03-21T18:00:00", "dateReserved": "2017-03-21T00:00:00", "dateUpdated": "2024-08-05T15:56:35.974Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF818F64-06A3-4B6F-84DA-ACA0487D4A87", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B647430-A8A7-4ABE-957E-E2B758000948", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "61702707-B600-49EF-8393-8144079C1C81", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC9C11ED-9F06-4CEA-9808-36E3FF064E7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6FC1CEF3-886E-4E6A-84BD-0991CF071173", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "20C9A79A-8C56-4951-B420-D5969E637299", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D2AE2C0-2B2C-46BA-A013-FC6CAB05A747", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7F1818F-AC8D-4E7C-AFB3-1DC93C5D0C43", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "28DAA045-F5D4-4FB7-BAD3-1E390BA0DE91", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B1D1B42F-2EEB-40AD-8BF4-1C67AF850C32", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "86CACA5B-1C6D-4048-B744-D14B00BFEAA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4675B0D5-9944-4F0A-9FBC-8C1A3AE6E82B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens."}, {"lang": "es", "value": "Un problema ha sido descubierto en exception_wrapper.py en OpenStack Nova 13.x en versiones hasta 13.1.3, 14.x en versiones hasta 14.0.4 y 15.x en versiones hasta 15.0.1. Los contextos de legado excepci\u00f3n de notificaci\u00f3n que aparecen en los registros de nivel de ERROR pueden incluir informaci\u00f3n confidencial como contrase\u00f1as de cuenta y tokens de autorizaci\u00f3n."}], "id": "CVE-2017-7214", "lastModified": "2024-11-21T03:31:23.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-21T18:59:00.167", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96998"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2017:1508"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2017:1595"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1673569"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96998"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1508"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1595"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1673569"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:1595", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "openstack-nova-1:14.0.6-2.el7ost", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2017-06-28T00:00:00Z"}, {"advisory": "RHSA-2017:1595", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "python-novaclient-1:6.0.0-3.el7ost", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2017-06-28T00:00:00Z"}, {"advisory": "RHSA-2017:1508", "cpe": "cpe:/a:redhat:openstack:9::el7", "package": "openstack-nova-1:13.1.4-1.el7ost", "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", "release_date": "2017-06-19T00:00:00Z"}], "bugzilla": {"description": "openstack-nova: Sensitive information included in legacy notification exception contexts", "id": "1434844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434844"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.", "An information exposure issue was discovered in OpenStack Compute's exception_wrapper.py. Legacy notification exception contexts appearing in ERROR-level logs could include sensitive information such as account passwords and authorization tokens."], "name": "CVE-2017-7214", "package_state": [{"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Not affected", "package_name": "openstack-nova", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Not affected", "package_name": "openstack-nova", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Not affected", "package_name": "openstack-nova", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:openstack:11", "fix_state": "Not affected", "package_name": "openstack-nova", "product_name": "Red Hat OpenStack Platform 11 (Ocata)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Not affected", "package_name": "openstack-nova", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}], "public_date": "2017-03-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7214\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7214"], "threat_severity": "Moderate"}