REDHAT-BUG-1434844
First published: Wed Mar 22 2017(Updated: )
An issue was discovered in exception_wrapper.py in OpenStack Nova. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. Upstream bug: <a href="https://bugs.launchpad.net/nova/+bug/1673569">https://bugs.launchpad.net/nova/+bug/1673569</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenStack Nova-LXD |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.launchpad.net/nova/+bug/1673569
- https://review.openstack.org/447075
- https://review.openstack.org/447072
- https://review.openstack.org/447071
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1436944
- https://access.redhat.com/errata/RHSA-2017:1508
- https://access.redhat.com/errata/RHSA-2017:1595
- https://bugzilla.redhat.com/show_bug.cgi?id=1434844
Frequently Asked Questions
What is the severity of REDHAT-BUG-1434844?
The severity of REDHAT-BUG-1434844 is high due to the potential exposure of sensitive information in logs.
How do I fix REDHAT-BUG-1434844?
To fix REDHAT-BUG-1434844, ensure that logging configurations do not include sensitive information and upgrade to the latest secure version of OpenStack Nova.
What type of sensitive information is exposed in REDHAT-BUG-1434844?
REDHAT-BUG-1434844 may expose sensitive information such as account passwords and authorization tokens in ERROR level logs.
Which software is affected by REDHAT-BUG-1434844?
The affected software for REDHAT-BUG-1434844 is OpenStack Nova.
When should I be concerned about REDHAT-BUG-1434844?
You should be concerned about REDHAT-BUG-1434844 if you are managing OpenStack Nova and need to protect sensitive data from being logged.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-7214
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openstack
- canonical/openstack nova-lxd