CVE-2019-3866
openstack-mistral: information disclosure in mistral log
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.
Se detectó una vulnerabilidad de exposición a la información donde los archivos de registro bajo la nube de openstack-mistral que contenían información de texto sin cifrar fueron hechos de tipo world readable. Un usuario del sistema malicioso podría explotar este fallo para acceder a información confidencial del usuario.
Quay 3.4.0 release. Issues addressed include HTTP request smuggling, buffer overflow, information leakage, integer overflow, out of bounds read, and out of bounds write vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-03 CVE Reserved
- 2019-11-08 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3866 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2019-3866 | 2021-02-04 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1768731 | 2021-02-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Openstack-mistral Search vendor "Redhat" for product "Openstack-mistral" | - | - |
Affected
| in | Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 10 Search vendor "Redhat" for product "Openstack" and version "10" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openstack-mistral Search vendor "Redhat" for product "Openstack-mistral" | - | - |
Affected
| in | Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 13 Search vendor "Redhat" for product "Openstack" and version "13" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openstack-mistral Search vendor "Redhat" for product "Openstack-mistral" | - | - |
Affected
| in | Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 14 Search vendor "Redhat" for product "Openstack" and version "14" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openstack-mistral Search vendor "Redhat" for product "Openstack-mistral" | - | - |
Affected
| in | Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 15 Search vendor "Redhat" for product "Openstack" and version "15" | - |
Safe
|