CVE-2017-7214
An information exposure issue was discovered in OpenStack Compute's exception_wrapper.py. Legacy notification exception contexts appearing in ERROR-level logs could include sensitive information such as account passwords and authorization tokens.
Find out more about CVE-2017-7214 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v3 metrics
| CVSS3 Base Score | 6.1 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N |
| Attack Vector | Adjacent Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality | High |
| Integrity Impact | None |
| Availability Impact | None |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat OpenStack Platform 9.0 (openstack-nova) | RHSA-2017:1508 | 2017-06-19 |
| Red Hat OpenStack Platform 10 (openstack-nova) | RHSA-2017:1595 | 2017-06-28 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat OpenStack Platform 8.0 (Liberty) | openstack-nova | Not affected |
| Red Hat OpenStack Platform 11.0 (Ocata) | openstack-nova | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | openstack-nova | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | openstack-nova | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) | openstack-nova | Not affected |