Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mirantis OpenStack |
Fix Released
|
Critical
|
Roman Lubianyi | ||
7.0.x |
Fix Committed
|
Critical
|
Roman Lubianyi |
Bug Description
Check whether 9.x-Mitaka is vulnerable to the CVE: [OSSA-2019-003] Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433)
Details:
:Date: August 06, 2019
:CVE: CVE-2019-14433
Affects
~~~~~~~
- Nova: <17.0.12,
Description
~~~~~~~~~~~
Donny Davis with Intel reported a vulnerability in Nova Compute
resource fault handling. If an API request from an authenticated user
ends in a fault condition due to an external exception, details of the
underlying environment may be leaked in the response and could include
sensitive configuration or other data.
Patches
~~~~~~~
- https:/
- https:/
- https:/
- https:/
- https:/
- https:/
Credits
~~~~~~~
- Donny Davis from Intel (CVE-2019-14433)
References
~~~~~~~~~~
- https:/
- http://
Changed in mos: | |
assignee: | MOS Maintenance (mos-maintenance) → Roman Lubianyi (rlubianyi) |
information type: | Private Security → Public Security |
https:/ /review. fuel-infra. org/#/c/ 41430/5