Published: 08/10/2014 Updated: 16/11/2018

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove prior to 2013.2.4 and 2014.1 prior to 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack cinder
openstack nova
openstack trove
redhat openstack 5.0

Debian Bug report logs - #765704 CVE-2014-7230 & CVE-2014-7231: Potential leak of passwords into log files Package: cinder; Maintainer for cinder is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Thomas Goirand <zigo@debianorg> Date: Fri, 17 Oct 2014 12:51:25 UTC Severity: important Tags: se ...

CWE-200 http://www.securityfocus.com/bid/70184 http://seclists.org/oss-sec/2014/q3/853 https://bugs.launchpad.net/oslo.utils/+bug/1345233 http://rhn.redhat.com/errata/RHSA-2014-1939.html https://exchange.xforce.ibmcloud.com/vulnerabilities/96726 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-7231

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect