CVE-2017-2592

Published: 08/05/2018 | Updated: 09/10/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

python-oslo-middleware prior to 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).

Vulnerable Product

openstack oslo.middleware

canonical ubuntu linux 16.04

Vendor Advisories

Debian Bug report logs - #852742: python-oslo.middleware: CVE-2017-2592: CatchErrors leaks sensitive values in oslo.middleware. Package: src:python-oslo.middleware; Maintainer for src:python-oslo.middleware is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Dat ...

Applications using Oslo middleware could be made to expose sensitive information ...

Synopsis: Moderate: python-oslo-middleware security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-oslo-middleware is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulner ...

Synopsis: Moderate: python-oslo-middleware security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-oslo-middleware is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnera ...

An information-disclosure flaw was found in oslo.middleware. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens) ...