CVE-2019-3866
First published: Tue Nov 05 2019(Updated: )
An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/openstack-mistral | <0:9.0.2-0.20191125120837.6651519.el8 | 0:9.0.2-0.20191125120837.6651519.el8 |
| Redhat Openstack-mistral | ||
| Redhat Openstack | =10 | |
| Redhat Openstack | =13 | |
| Redhat Openstack | =14 | |
| Redhat Openstack | =15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3866
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1770043
- https://bugs.launchpad.net/tripleo/+bug/1850843
- https://launchpadlibrarian.net/449472809/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
- https://launchpadlibrarian.net/449473654/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
- https://access.redhat.com/errata/RHSA-2021:0420
- https://access.redhat.com/security/cve/cve-2019-3866
- https://bugzilla.redhat.com/show_bug.cgi?id=1768731
- https://www.cve.org/CVERecord?id=CVE-2019-3866 https://nvd.nist.gov/vuln/detail/CVE-2019-3866
- https://access.redhat.com/errata/RHEA-2020:0283
Frequently Asked Questions
What is CVE-2019-3866?
CVE-2019-3866 is an information-exposure vulnerability in openstack-mistral.
What is the severity of CVE-2019-3866?
CVE-2019-3866 has a severity score of 5.9 (medium).
How can a malicious system user exploit CVE-2019-3866?
A malicious system user could exploit CVE-2019-3866 by accessing sensitive user information stored in openstack-mistral's undercloud log files.
Which versions of openstack-mistral are affected by CVE-2019-3866?
Versions 7.1.0 up to 9.0.1 of openstack-mistral are affected by CVE-2019-3866.
How can I fix CVE-2019-3866?
To fix CVE-2019-3866, upgrade to version 9.0.2 or later of openstack-mistral.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-3866
- agent/software-canonical-lookup
- collector/redhat-cve
- vendor/redhat
- canonical/redhat openstack-mistral
- canonical/redhat openstack
- version/redhat openstack/10
- version/redhat openstack/13
- version/redhat openstack/14
- version/redhat openstack/15
- package-manager/redhat