CVE-2019-3866
openstack-mistral: information disclosure in mistral log
Descriptions
An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.
It was discovered that Mistral incorrectly handled nested anchors in YAML files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. Pierre Gaxatte discovered that Mistral incorrectly handled erroneous SSH private key filename commands. An attacker could possibly use this issue to expose sensitive information. It was discovered that Mistral incorrectly handled the permissions of sensitive log files. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS.
Timeline
- 2019-01-03 CVE Reserved
- 2019-11-08 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
References (3)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3866 | Issue Tracking |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2019-3866 | 2021-02-04 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1768731 | 2021-02-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Redhat | Openstack-mistral | - | - | Affected | in | Redhat | Openstack | 10 | - | Safe |
Redhat | Openstack-mistral | - | - | Affected | in | Redhat | Openstack | 13 | - | Safe |
Redhat | Openstack-mistral | - | - | Affected | in | Redhat | Openstack | 14 | - | Safe |
Redhat | Openstack-mistral | - | - | Affected | in | Redhat | Openstack | 15 | - | Safe |