CVE-2018-16856

Published: Mar 26, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.

Affected (5)

Products: Openstack: Octavia · Redhat: Openstack

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Octavia	From 2.0.0 to 2.0.2-5
Openstack Octavia	From 3.0.0 to 3.0.1-0.20181009115732

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 12
Redhat Openstack	Version 13
Redhat Openstack	Version 14

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.