6.5

CVE-2019-14433

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenstackNova Version < 17.0.12
OpenstackNova Version >= 18.0.0 < 18.2.2
OpenstackNova Version >= 19.0.0 < 19.0.2
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
RedhatOpenstack Version10
RedhatOpenstack Version13
RedhatOpenstack Version14
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.93% 0.773
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

http://www.openwall.com/lists/oss-security/2019/08/06/6
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2019:2622
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2631
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2652
Third Party Advisory
https://launchpad.net/bugs/1837877
Patch
Third Party Advisory
Issue Tracking
https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html
Third Party Advisory
Mailing List
https://security.openstack.org/ossa/OSSA-2019-003.html
Patch
Vendor Advisory
https://usn.ubuntu.com/4104-1/
Third Party Advisory