2.1

CVE-2014-7231

Exploit

EPSS 0.16%
Published 08.10.2014 19:55:04
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Openstack ≫ Cinder Version >= 2013.2 < 2013.2.4

Openstack ≫ Cinder Version >= 2014.1 < 2014.1.3

Openstack ≫ Nova Version >= 2013.2 < 2013.2.4

Openstack ≫ Nova Version >= 2014.1 < 2014.1.3

Openstack ≫ Trove Version >= 2013.2 < 2013.2.4

Openstack ≫ Trove Version >= 2014.1 < 2014.1.3

Redhat ≫ Openstack Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.371

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://rhn.redhat.com/errata/RHSA-2014-1939.html

Third Party Advisory

http://seclists.org/oss-sec/2014/q3/853

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/70184

Third Party Advisory

VDB Entry

https://bugs.launchpad.net/oslo.utils/+bug/1345233

Third Party Advisory

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/96726

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2014-7231

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-7231

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-7231

EUVD