#VU18105 Information disclosure


Published: 2019-04-01

Vulnerability identifier: #VU18105

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-3830

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Ceilometer
Operating systems & Components / Operating system package or component

Vendor: OpenStack

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because ceilometer-agent by default writes sensitive information to log files, even when DEBUG logging is not activated. A local user can view the log files and obtain sensitive information, such as administrative credentials.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Ceilometer: 10.0.0 - 11.0.1



External links
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3830

