[OSSA-2019-003] Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433)

Related Vulnerabilities: CVE-2019-14433  
                							

oss-sec
mailing list archives
From: Jeremy Stanley <fungi () yuggoth org>

Date: Tue, 6 Aug 2019 19:44:00 +0000

==========================================================================
OSSA-2019-003: Nova Server Resource Faults Leak External Exception Details
==========================================================================

:Date: August 06, 2019
:CVE: CVE-2019-14433

Affects
~~~~~~~
- Nova: <17.0.12,>=18.0.0<18.2.2,>=19.0.0<19.0.2

Description
~~~~~~~~~~~
Donny Davis with Intel reported a vulnerability in Nova Compute
resource fault handling. If an API request from an authenticated user
ends in a fault condition due to an external exception, details of the
underlying environment may be leaked in the response and could include
sensitive configuration or other data.

Patches
~~~~~~~
- https://review.openstack.org/674908 (Ocata)
- https://review.openstack.org/674877 (Pike)
- https://review.openstack.org/674859 (Queens)
- https://review.openstack.org/674848 (Rocky)
- https://review.openstack.org/674828 (Stein)
- https://review.openstack.org/674821 (Train)

Credits
~~~~~~~
- Donny Davis from Intel (CVE-2019-14433)

References
~~~~~~~~~~
- https://launchpad.net/bugs/1837877
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14433

Notes
~~~~~
- The stable/ocata and stable/pike branches are under extended maintenance and
  will receive no new point releases, but patches for them are provided as a
  courtesy.

-- 
Jeremy Stanley
OpenStack Vulnerability Management Team
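
An added example, not part of the original advisory or of Nova's code: a checker that tests an upstream Nova release number against the ranges on the Affects line. It assumes commas separate alternative ranges and that adjacent bounds within one range must all hold; the function names are illustrative.

```python
import operator
import re

# Ranges exactly as listed in the advisory's "Affects" section.
AFFECTS = "<17.0.12,>=18.0.0<18.2.2,>=19.0.0<19.0.2"

_OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
        ">=": operator.ge, "==": operator.eq}
_CONSTRAINT = re.compile(r"(<=|>=|==|<|>)(\d+(?:\.\d+)*)")


def parse_version(text):
    """'18.2.1' -> (18, 2, 1). Suffixed versions (rc, dev, distro) are rejected."""
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"not a plain release version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def parse_affects(spec):
    """Return a list of clauses; each clause is a list of (op, version) bounds."""
    clauses = []
    for raw in spec.replace(" ", "").split(","):
        bounds = _CONSTRAINT.findall(raw)
        # Refuse anything the regex did not fully consume, rather than guess.
        if not bounds or "".join(op + ver for op, ver in bounds) != raw:
            raise ValueError(f"unparseable clause: {raw!r}")
        clauses.append([(op, parse_version(ver)) for op, ver in bounds])
    return clauses


def _pad(a, b):
    """Pad with zeros so that 18.2 and 18.2.0 compare equal."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))


def is_affected(version, spec=AFFECTS):
    """True if `version` satisfies every bound of at least one clause."""
    ver = parse_version(version)
    return any(
        all(_OPS[op](*_pad(ver, bound)) for op, bound in clause)
        for clause in parse_affects(spec)
    )


if __name__ == "__main__":
    for candidate in ("16.1.8", "17.0.12", "18.2.1", "18.2.2", "19.0.1", "19.0.2"):
        print(candidate, "affected" if is_affected(candidate) else "not affected")
```

The check compares upstream release numbers only, so a build that carries one of the listed patches without a version bump still reports as affected and has to be confirmed against the patch itself.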