Impact: Moderate Public Date: 2019-08-06 CWE: CWE-209 Bugzilla: 1735522: CVE-2019-14433 openstack-nova: Nova server resource faults leak external exception details A vulnerability was found in the Nova Compute resource fault handling. The Nova Compute service may leak configuration information or other sensitive information upon a failed API request. In order to trigger this vulnerability, the API request needs to fail due to an external exception. The ability of an attacker to trigger an external exception in another component will determine the success of this attack.
Find out more about CVE-2019-14433 from the MITRE CVE dictionary dictionary and NIST NVD.
Red Hat OpenStack Platform 9 will be retired shortly after the flaws public date, based on the severity of this vulnerability it was determined that this fix would not be back-ported.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 6.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | None |
| Availability Impact | None |
| Platform | Package | State |
|---|---|---|
| Red Hat OpenStack Platform 9.0 | openstack-nova | Will not fix |
| Red Hat OpenStack Platform 14.0 (Rocky) | openstack-nova | Affected |
| Red Hat OpenStack Platform 13.0 (Queens) | openstack-nova | Affected |
| Red Hat OpenStack Platform 10 | openstack-nova | Affected |
Vulmon