// For flags

CVE-2017-7214

openstack-nova: Sensitive information included in legacy notification exception contexts

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.

Un problema ha sido descubierto en exception_wrapper.py en OpenStack Nova 13.x en versiones hasta 13.1.3, 14.x en versiones hasta 14.0.4 y 15.x en versiones hasta 15.0.1. Los contextos de legado excepción de notificación que aparecen en los registros de nivel de ERROR pueden incluir información confidencial como contraseñas de cuenta y tokens de autorización.

An information exposure issue was discovered in OpenStack Compute's exception_wrapper.py. Legacy notification exception contexts appearing in ERROR-level logs could include sensitive information such as account passwords and authorization tokens.

OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. python-novaclient is the python client for the OpenStack Nova API. The client's Python API and command-line script both implement 100% of the OpenStack Nova API. The following packages have been upgraded to a later upstream version: python-novaclient, openstack-nova.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-03-21 CVE Reserved
  • 2017-03-21 CVE Published
  • 2024-08-05 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-532: Insertion of Sensitive Information into Log File
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openstack
Search vendor "Openstack"
 Nova
Search vendor "Openstack" for product "Nova"
 13.0.0
Search vendor "Openstack" for product "Nova" and version "13.0.0"
-
Affected
Openstack
Search vendor "Openstack"
 Nova
Search vendor "Openstack" for product "Nova"
 13.1.0
Search vendor "Openstack" for product "Nova" and version "13.1.0"
-
Affected
Openstack
Search vendor "Openstack"
 Nova
Search vendor "Openstack" for product "Nova"
 13.1.1
Search vendor "Openstack" for product "Nova" and version "13.1.1"
-
Affected
Openstack
Search vendor "Openstack"
 Nova
Search vendor "Openstack" for product "Nova"
 13.1.2
Search vendor "Openstack" for product "Nova" and version "13.1.2"
-
Affected
Openstack
Search vendor "Openstack"
 Nova
Search vendor "Openstack" for product "Nova"
 13.1.3
Search vendor "Openstack" for product "Nova" and version "13.1.3"
-
Affected
Openstack
Search vendor "Openstack"
 Nova
Search vendor "Openstack" for product "Nova"
 14.0.0
Search vendor "Openstack" for product "Nova" and version "14.0.0"
-
Affected
Openstack
Search vendor "Openstack"
 Nova
Search vendor "Openstack" for product "Nova"
 14.0.1
Search vendor "Openstack" for product "Nova" and version "14.0.1"
-
Affected
Openstack
Search vendor "Openstack"
 Nova
Search vendor "Openstack" for product "Nova"
 14.0.2
Search vendor "Openstack" for product "Nova" and version "14.0.2"
-
Affected
Openstack
Search vendor "Openstack"
 Nova
Search vendor "Openstack" for product "Nova"
 14.0.3
Search vendor "Openstack" for product "Nova" and version "14.0.3"
-
Affected
Openstack
Search vendor "Openstack"
 Nova
Search vendor "Openstack" for product "Nova"
 14.0.4
Search vendor "Openstack" for product "Nova" and version "14.0.4"
-
Affected
Openstack
Search vendor "Openstack"
 Nova
Search vendor "Openstack" for product "Nova"
 15.0.0
Search vendor "Openstack" for product "Nova" and version "15.0.0"
-
Affected
Openstack
Search vendor "Openstack"
 Nova
Search vendor "Openstack" for product "Nova"
 15.0.1
Search vendor "Openstack" for product "Nova" and version "15.0.1"
-
Affected