CVE-2019-14433

Advisory

[This advisory has been limited. Please create a free account to view the full advisory.]

Affected package

Affected versions

[This affected versions has been limited. Please create a free account to view the full affected versions.]

Fixed versions

[This fixed versions has been limited. Please create a free account to view the full fixed versions.]

Vulnerability changelog

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.


CONFIRM:https://security.openstack.org/ossa/OSSA-2019-003.html: https://security.openstack.org/ossa/OSSA-2019-003.html
MISC:https://launchpad.net/bugs/1837877: https://launchpad.net/bugs/1837877
MLIST:[oss-security] 20190806 [OSSA-2019-003] Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433): http://www.openwall.com/lists/oss-security/2019/08/06/6

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14433
• http://www.openwall.com/lists/oss-security/2019/08/06/6
• https://security.openstack.org/ossa/OSSA-2019-003.html
• https://launchpad.net/bugs/1837877
• https://usn.ubuntu.com/4104-1/
• https://access.redhat.com/errata/RHSA-2019:2622
• https://access.redhat.com/errata/RHSA-2019:2631
• https://access.redhat.com/errata/RHSA-2019:2652
• https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html