CVE-2014-7230

Impact:
Low
Public Date:
2014-07-22
CWE:
(CWE-184|CWE-532)->CWE-522
Bugzilla:
1147722: CVE-2014-7230 CVE-2014-7231 OpenStack Cinder, Nova, Trove: potential leak of passwords into log files

The MITRE CVE dictionary describes this issue as:

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

Find out more about CVE-2014-7230 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 2.1
Base Metrics AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 (openstack-nova) RHSA-2014:1781 2014-11-03
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 (openstack-trove) RHSA-2014:1939 2014-12-02
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 (openstack-nova) RHSA-2014:1782 2014-11-03
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 (openstack-cinder) RHSA-2014:1788 2014-11-03
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 (openstack-cinder) RHSA-2014:1787 2014-11-03

Affected Packages State

Platform Package State
Red Hat Enterprise Linux OpenStack Platform 4.0 openstack-cinder Will not fix
Red Hat Enterprise Linux OpenStack Platform 4.0 openstack-nova Will not fix

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.