python-oslo-middleware prior to 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openstack oslo.middleware |
||
canonical ubuntu linux 16.04 |