Information disclosure in Openstack Nova - CVE-2017-7214
Published: May 31, 2017 / Updated: June 1, 2017
Vulnerability identifier: #VU6848
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-7214
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Openstack
Affected software:
Openstack Nova
Openstack Nova
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an error in exception_wrapper.py. A remote attacker can cause an ERROR level logs and reveal legacy notification exception contexts that may include sensitive information such as account passwords and authorization tokens.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists due to an error in exception_wrapper.py. A remote attacker can cause an ERROR level logs and reveal legacy notification exception contexts that may include sensitive information such as account passwords and authorization tokens.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-7214
Update to the latest version.