CVE-2019-14433

Published: Aug 9, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.

Affected (10)

Products: Openstack: Nova · Canonical: Ubuntu Linux · Redhat: Openstack · +1 more

Show all products

Openstack: Nova · Canonical: Ubuntu Linux · Redhat: Openstack · Debian: Debian Linux

1 product

1 product

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Openstack Nova	Before 17.0.12
Openstack Nova	From 18.0.0 to 18.2.2
Openstack Nova	From 19.0.0 to 19.0.2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 10
Redhat Openstack	Version 13
Redhat Openstack	Version 14

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (16)

http://www.openwall.com/lists/oss-security/2019/08/06/6

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:2622

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2631

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2652

Source: cve@mitre.org

Third Party Advisory

https://launchpad.net/bugs/1837877

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.openstack.org/ossa/OSSA-2019-003.html

Source: cve@mitre.org

PatchVendor Advisory

https://usn.ubuntu.com/4104-1/

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2019/08/06/6

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:2622

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2631

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2652

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://launchpad.net/bugs/1837877

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.openstack.org/ossa/OSSA-2019-003.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://usn.ubuntu.com/4104-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.