Safety vulnerability ID: 36207
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Oslo.middleware versions before 3.8.1, 3.19.1, and 3.23.1 are vulnerable to information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information (for example, keystone tokens) from OpenStack component error logs.
Latest version: 6.3.0
Oslo Middleware library
python-oslo-middleware versions before 3.8.1, 3.19.1, and 3.23.1 are vulnerable to information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information (for example, keystone tokens) from OpenStack component error logs.
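The failure mode described above, as an added sketch that is not oslo.middleware's own code: an error-catching WSGI middleware logs the failing request next to the traceback, once verbatim and once with token headers masked. `CatchErrorsSketch`, `redact`, `dump_request`, `logged_output`, the header list and the token value are hypothetical or constructed, and the sketch assumes the secret reaches the log through a request dump in the error message.

```python
import io
import logging
import re

# Header names treated as secret are an assumption of this sketch.
_SECRET_RE = re.compile(r"^(X-Auth-Token|X-Subject-Token|X-Service-Token):.*$",
                        re.IGNORECASE | re.MULTILINE)

def redact(text):
    """Mask the value of each secret header line in a request dump."""
    return _SECRET_RE.sub(r"\1: *****", text)

def dump_request(environ):
    """Render a WSGI environ as a request line followed by its headers."""
    lines = ["%s %s" % (environ["REQUEST_METHOD"], environ["PATH_INFO"])]
    for key in sorted(k for k in environ if k.startswith("HTTP_")):
        lines.append("%s: %s" % (key[5:].replace("_", "-").title(), environ[key]))
    return "\n".join(lines)

class CatchErrorsSketch:
    """Hypothetical stand-in for an error-catching WSGI middleware."""
    def __init__(self, app, log, redact_secrets):
        self.app, self.log, self.redact_secrets = app, log, redact_secrets

    def __call__(self, environ, start_response):
        try:
            return self.app(environ, start_response)
        except Exception:
            req_str = dump_request(environ)
            if self.redact_secrets:  # hardened path: scrub before logging
                req_str = redact(req_str)
            # log.exception appends the traceback after this message
            self.log.exception("Error processing request: %s", req_str)
            start_response("500 Internal Server Error", [])
            return [b"Internal Server Error"]

def logged_output(redact_secrets):
    """Run a failing app behind the middleware; return what reached the log."""
    log = logging.getLogger("sketch.%s" % redact_secrets)
    stream = io.StringIO()
    log.propagate = False
    log.handlers = [logging.StreamHandler(stream)]
    def failing_app(environ, start_response):
        raise RuntimeError("backend failure")
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/v3/users",
               "HTTP_X_AUTH_TOKEN": "constructed-token-123"}  # constructed value
    CatchErrorsSketch(failing_app, log, redact_secrets)(environ, lambda s, h: None)
    return stream.getvalue()
```

Anyone with read access to the error log sees the token in the unredacted run; in the redacted run the traceback and request line survive for debugging while the header value does not.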
MISC: https://bugs.launchpad.net/keystonemiddleware/+bug/1628031
MISC: https://review.openstack.org/#/c/425730/
MISC: https://review.openstack.org/#/c/425732/
MISC: https://review.openstack.org/#/c/425734/
CONFIRM: http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html
CONFIRM: https://access.redhat.com/errata/RHSA-2017:0300
CONFIRM: https://access.redhat.com/errata/RHSA-2017:0435
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592
REDHAT:RHSA-2017:0300: http://rhn.redhat.com/errata/RHSA-2017-0300.html
REDHAT:RHSA-2017:0435: http://rhn.redhat.com/errata/RHSA-2017-0435.html
BID:95827: http://www.securityfocus.com/bid/95827