CVE-2014-7231
Trove: potential leak of passwords into log files
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
La función strutils.mask_password en la libraría de utilidades de OpenStack Oslo, Cinder, Nova, y Trove anterior a 2013.2.4 y 2014.1 anterior a 2014.1.3 no enmasca debidamente contraseñas cuando registra comandos, lo que permite a usuarios locales obtener contraseñas mediante la lectura del registro.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-09-29 CVE Reserved
- 2014-10-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/oss-sec/2014/q3/853 | Mailing List |
|
| http://www.securityfocus.com/bid/70184 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96726 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://bugs.launchpad.net/oslo.utils/+bug/1345233 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-1939.html | 2018-11-16 | |
| https://access.redhat.com/security/cve/CVE-2014-7231 | 2014-12-02 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1147722 | 2014-12-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openstack Search vendor "Openstack" | Cinder Search vendor "Openstack" for product "Cinder" | >= 2013.2 < 2013.2.4 Search vendor "Openstack" for product "Cinder" and version " >= 2013.2 < 2013.2.4" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Cinder Search vendor "Openstack" for product "Cinder" | >= 2014.1 < 2014.1.3 Search vendor "Openstack" for product "Cinder" and version " >= 2014.1 < 2014.1.3" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Nova Search vendor "Openstack" for product "Nova" | >= 2013.2 < 2013.2.4 Search vendor "Openstack" for product "Nova" and version " >= 2013.2 < 2013.2.4" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Nova Search vendor "Openstack" for product "Nova" | >= 2014.1 < 2014.1.3 Search vendor "Openstack" for product "Nova" and version " >= 2014.1 < 2014.1.3" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Trove Search vendor "Openstack" for product "Trove" | >= 2013.2 < 2013.2.4 Search vendor "Openstack" for product "Trove" and version " >= 2013.2 < 2013.2.4" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Trove Search vendor "Openstack" for product "Trove" | >= 2014.1 < 2014.1.3 Search vendor "Openstack" for product "Trove" and version " >= 2014.1 < 2014.1.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 5.0 Search vendor "Redhat" for product "Openstack" and version "5.0" | - |
Affected
| ||||||