CVE-2017-2592

NameCVE-2017-2592
Descriptionpython-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs852742

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-oslo.middleware (PTS)buster3.36.0-2fixed
bullseye4.1.1-2fixed
bookworm5.0.0-2fixed
sid, trixie6.1.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-oslo.middlewaresource(unstable)3.19.0-3852742

Notes

https://launchpad.net/bugs/1628031
Search for package or bug name: Reporting problems