2.1

CVE-2014-7231

Exploit

EPSS 0.16%
Veröffentlicht 08.10.2014 19:55:04
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openstack ≫ Cinder Version >= 2013.2 < 2013.2.4

Openstack ≫ Cinder Version >= 2014.1 < 2014.1.3

Openstack ≫ Nova Version >= 2013.2 < 2013.2.4

Openstack ≫ Nova Version >= 2014.1 < 2014.1.3

Openstack ≫ Trove Version >= 2013.2 < 2013.2.4

Openstack ≫ Trove Version >= 2014.1 < 2014.1.3

Redhat ≫ Openstack Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.371

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://rhn.redhat.com/errata/RHSA-2014-1939.html

Third Party Advisory

http://seclists.org/oss-sec/2014/q3/853

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/70184

Third Party Advisory

VDB Entry

https://bugs.launchpad.net/oslo.utils/+bug/1345233

Third Party Advisory

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/96726

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2014-7231

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-7231

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-7231

EUVD