CVE-2017-7214

NameCVE-2017-7214
DescriptionAn issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs858568

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nova (PTS)stretch (security), stretch2:14.0.0-4+deb9u1fixed
buster2:18.1.0-6fixed
bullseye, sid2:22.0.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
novasourcewheezy(unfixed)end-of-life
novasourcejessie(not affected)
novasource(unstable)2:14.0.0-4858568

Notes

[jessie] - nova <not-affected> (Vulnerable code not present)
[wheezy] - nova <end-of-life> (Not supported in Wheezy LTS)
https://bugs.launchpad.net/nova/+bug/1673569

Search for package or bug name: Reporting problems