Published: 08/10/2014 Updated: 16/11/2018

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove prior to 2013.2.4 and 2014.1 prior to 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack trove
openstack cinder
openstack nova
redhat openstack 5.0
canonical ubuntu linux 14.04

Debian Bug report logs - #765704 CVE-2014-7230 & CVE-2014-7231: Potential leak of passwords into log files Package: cinder; Maintainer for cinder is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Thomas Goirand <zigo@debianorg> Date: Fri, 17 Oct 2014 12:51:25 UTC Severity: important Tags: se ...

OpenStack Cinder could be made to expose sensitive information over the network ...

OpenStack Nova could be made to expose sensitive information ...

CWE-200 http://www.securityfocus.com/bid/70185 https://bugs.launchpad.net/oslo-incubator/+bug/1343604 http://seclists.org/oss-sec/2014/q3/853 http://www.ubuntu.com/usn/USN-2405-1 http://rhn.redhat.com/errata/RHSA-2014-1939.html https://exchange.xforce.ibmcloud.com/vulnerabilities/96725 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704 https://nvd.nist.gov https://usn.ubuntu.com/2405-1/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-7230

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect