CVE-2017-7214

NameCVE-2017-7214
DescriptionAn issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs858568

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nova (PTS)jessie2014.1.3-11fixed
stretch (security), stretch2:14.0.0-4+deb9u1fixed
sid2:18.0.3-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
novasource(unstable)2:14.0.0-4medium858568
novasourcejessie(not affected)
novasourcewheezy(unfixed)end-of-life

Notes

[jessie] - nova <not-affected> (Vulnerable code not present)
[wheezy] - nova <end-of-life> (Not supported in Wheezy LTS)
https://bugs.launchpad.net/nova/+bug/1673569

Search for package or bug name: Reporting problems