{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4840", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-05-13T16:34:02.118Z", "datePublished": "2024-05-13T22:16:39.899Z", "dateUpdated": "2024-11-25T06:11:10.438Z"}, "containers": {"cna": {"title": "Rhosp-director: cleartext passwords exposed in logs", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openstack-tripleo-heat-templates", "defaultStatus": "affected", "versions": [{"version": "0:14.3.1-17.1.20240919130756.el9ost", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openstack:17.1::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-director", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:9978", "name": "RHSA-2024:9978", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-4840", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249", "name": "RHBZ#2280249", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-05-06T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-312: Cleartext Storage of Sensitive Information", "timeline": [{"lang": "en", "time": "2024-05-10T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-05-06T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-25T06:11:10.438Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-24T19:32:24.426737Z", "id": "CVE-2024-4840", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T15:59:59.529Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:09.958Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-4840", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249", "name": "RHBZ#2280249", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-4840", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249", "name": "RHBZ#2280249", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:09.958Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4840", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-24T19:32:24.426737Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-24T19:35:03.641Z"}}], "cna": {"title": "Rhosp-director: cleartext passwords exposed in logs", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:openstack:17.1::el9"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:14.3.1-17.1.20240919130756.el9ost", "lessThan": "*", "versionType": "rpm"}], "packageName": "openstack-tripleo-heat-templates", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "rhosp-director", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-05-10T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-05-06T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-05-06T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:9978", "name": "RHSA-2024:9978", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-4840", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249", "name": "RHBZ#2280249", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-25T06:11:10.438Z"}, "x_redhatCweChain": "CWE-312: Cleartext Storage of Sensitive Information"}}, "cveMetadata": {"cveId": "CVE-2024-4840", "state": "PUBLISHED", "dateUpdated": "2024-11-25T06:11:10.438Z", "dateReserved": "2024-05-13T16:34:02.118Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-05-13T22:16:39.899Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en el director OpenStack Platform (RHOSP), un conjunto de herramientas para instalar y administrar un entorno RHOSP completo. Las contrase\u00f1as de texto sin formato pueden almacenarse en archivos de registro, lo que puede exponer informaci\u00f3n confidencial a cualquier persona que tenga acceso a los registros."}], "id": "CVE-2024-4840", "lastModified": "2024-11-25T05:15:11.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-05-14T15:45:17.310", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:9978"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-4840"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/security/cve/CVE-2024-4840"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9978", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "openstack-tripleo-heat-templates-0:14.3.1-17.1.20240919130756.el9ost", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}], "bugzilla": {"description": "rhosp-director: cleartext passwords exposed in logs", "id": "2280249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-312", "details": ["An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.", "An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs."], "name": "CVE-2024-4840", "package_state": [{"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "rhosp-director", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2024-05-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-4840\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4840"], "threat_severity": "Moderate"}