Information disclosure in OpenStack Ceilometer

Published: 2019-04-01
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2019-3830
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
Operating systems & Components / Operating system package or component

Vendor: OpenStack

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Information disclosure

EUVDB-ID: #VU18105

Risk: Low


CVE-ID: CVE-2019-3830

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because ceilometer-agent by default prints sensitive information into log files, even when DEBUG logging is not activated. A local user can view the log files and obtain sensitive information, such as administrative credentials.


Install updates from the vendor's website.

Vulnerable software versions

Ceilometer: 10.0.0 - 11.0.1
