DescriptionAn issue was discovered in in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs858568

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nova (PTS)stretch (security), stretch2:14.0.0-4+deb9u1fixed
bullseye, sid2:22.0.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
novasourcejessie(not affected)


[jessie] - nova <not-affected> (Vulnerable code not present)
[wheezy] - nova <end-of-life> (Not supported in Wheezy LTS)

Search for package or bug name: Reporting problems