NotCVE - vendor:"Openstack" product:"Trove" version:" >= 2014.1

3 results (0.004 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-3156

https://notcve.org/view.php?id=CVE-2015-3156

11 Aug 2017 — The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.p... • https://bugs.launchpad.net/trove/+bug/1398195 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2014-7230 – Trove: potential leak of passwords into log files

https://notcve.org/view.php?id=CVE-2014-7230

08 Oct 2014 — The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. La función processutils.execute en OpenStack oslo-incubator, Cinder, Nova, y Trove anterior a 2013.2.4 y 2014.1 anterior a 2014.1.3 permite a usuarios locales obtener contraseñas de comandos que causan un error de ejecución de proceso (ProcessExecutionError) mediante la lec... • http://rhn.redhat.com/errata/RHSA-2014-1939.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2014-7231 – Trove: potential leak of passwords into log files

https://notcve.org/view.php?id=CVE-2014-7231

08 Oct 2014 — The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. La función strutils.mask_password en la libraría de utilidades de OpenStack Oslo, Cinder, Nova, y Trove anterior a 2013.2.4 y 2014.1 anterior a 2014.1.3 no enmasca debidamente contraseñas cuando registra comandos, lo que permite a usuarios locales o... • http://rhn.redhat.com/errata/RHSA-2014-1939.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •