CVE-2017-2592

NameCVE-2017-2592
Descriptionpython-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)
Debian Bugs852742

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-oslo.middleware (PTS)stretch3.19.0-3fixed
buster, sid3.36.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-oslo.middlewaresource(unstable)3.19.0-3low852742

Notes

https://launchpad.net/bugs/1628031

Search for package or bug name: Reporting problems