#VU6848 Information disclosure in Openstack Nova - CVE-2017-7214
Published: May 31, 2017 / Updated: June 1, 2017
Vulnerability identifier: #VU6848
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-7214
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Openstack Nova
Openstack Nova
Software vendor:
Openstack
Openstack
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an error in exception_wrapper.py. A remote attacker can cause an ERROR level logs and reveal legacy notification exception contexts that may include sensitive information such as account passwords and authorization tokens.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists due to an error in exception_wrapper.py. A remote attacker can cause an ERROR level logs and reveal legacy notification exception contexts that may include sensitive information such as account passwords and authorization tokens.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
Update to the latest version.