Information Exposure Through Log Files Affecting nova package, versions <2:14.0.0-4
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
EPSS
0.48% (76th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIANUNSTABLE-NOVA-351788
- published 21 Mar 2017
- disclosed 21 Mar 2017
Introduced: 21 Mar 2017
CVE-2017-7214 Open this link in a new tabHow to fix?
Upgrade Debian:unstable
nova
to version 2:14.0.0-4 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream nova
package and not the nova
package as distributed by Debian
.
See How to fix?
for Debian:unstable
relevant fixed versions and status.
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.