CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0718 – python-oslo-utils: incorrect password masking in debug output
https://notcve.org/view.php?id=CVE-2022-0718
24 Mar 2022 — A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. Se ha encontrado un fallo en python-oslo-utils. Debido a un análisis inapropiado, las contraseñas con comillas dobles ( " ) causan un enmascaramiento incorrecto en los registros de depuración, causando que cualquier parte de la contraseña después de las comillas dobles sea texto plano It was... • https://access.redhat.com/security/cve/CVE-2022-0718 • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2592 – python-oslo-middleware: CatchErrors leaks sensitive values into error logs
https://notcve.org/view.php?id=CVE-2017-2592
23 Feb 2017 — python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens). python-oslo-middleware en versiones anteriores a la 3.8.1, 3.19.1 y 3.23.1 es vulnerable a una divulgación de información. El software que emplea la clase CatchError inclu... • http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0CVE-2014-4615 – pycadf: token leak to message queue
https://notcve.org/view.php?id=CVE-2014-4615
11 Aug 2014 — The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). El middleware notificador en OpenStack PyCADF 0.5.0 y anteriores, Telemetry (Ceilometer) 2013.2 anterior a 2013.2.4 y 2014.x anterior a 2014.1.2, Neutron 2014.x anterior a 2014.1.2 y Juno ante... • http://rhn.redhat.com/errata/RHSA-2014-1050.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-6491 – nova: qpid SSL configuration
https://notcve.org/view.php?id=CVE-2013-6491
31 Jan 2014 — The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. El cliente python-qpid (common/rpc/impl_qpid.py) en OpenStack Oslo anterior a 2013.2 no fuerza conexiones SSL cuando qpid_protocol se establece a ssl, lo cual permite a atacantes remotos obtener información sensible escuchando la red. The openstack-nova packages provide OpenSt... • http://rhn.redhat.com/errata/RHSA-2014-0112.html • CWE-310: Cryptographic Issues •