Launchpad.net

CVE 2017-7214

An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.

Related bugs and status

CVE-2017-7214 (Candidate) is related to these bugs:

Bug #1673569: [OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)

		In	Importance	Status
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	OpenStack Compute (nova)	High	Fix Released
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	OpenStack Security Advisory	Medium	Fix Released
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	OpenStack Compute (nova) mitaka	High	Fix Released
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	OpenStack Compute (nova) newton	High	Fix Released
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	OpenStack Compute (nova) ocata	High	Fix Released
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	Ubuntu Cloud Archive	Undecided	Fix Released
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	Ubuntu Cloud Archive mitaka	Undecided	New
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	Ubuntu Cloud Archive ocata	Undecided	Fix Released
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	Ubuntu Cloud Archive newton	Undecided	Fix Released
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	nova (Ubuntu)	Undecided	Fix Released
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	nova (Ubuntu Xenial)	Undecided	New
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	nova (Ubuntu Yakkety)	Undecided	Fix Released
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	nova (Ubuntu Artful)	Undecided	Fix Released
1673569	[OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)	nova (Ubuntu Zesty)	Undecided	Fix Released

Bug #1688557: [SRU] newton stable releases

		In	Importance	Status
1688557	[SRU] newton stable releases	ceilometer (Ubuntu)	Undecided	Invalid
1688557	[SRU] newton stable releases	nova (Ubuntu)	Undecided	Invalid
1688557	[SRU] newton stable releases	aodh (Ubuntu)	Undecided	Invalid
1688557	[SRU] newton stable releases	cinder (Ubuntu)	Undecided	Invalid
1688557	[SRU] newton stable releases	designate (Ubuntu)	Undecided	Invalid
1688557	[SRU] newton stable releases	heat (Ubuntu)	Undecided	Invalid
1688557	[SRU] newton stable releases	horizon (Ubuntu)	Undecided	Invalid
1688557	[SRU] newton stable releases	neutron (Ubuntu)	Undecided	Invalid
1688557	[SRU] newton stable releases	neutron-fwaas (Ubuntu)	Undecided	Invalid
1688557	[SRU] newton stable releases	neutron-lbaas (Ubuntu)	Undecided	Invalid
1688557	[SRU] newton stable releases	aodh (Ubuntu Yakkety)	Undecided	Fix Released
1688557	[SRU] newton stable releases	ceilometer (Ubuntu Yakkety)	Undecided	Fix Released
1688557	[SRU] newton stable releases	cinder (Ubuntu Yakkety)	Undecided	Fix Released
1688557	[SRU] newton stable releases	designate (Ubuntu Yakkety)	Undecided	Fix Released
1688557	[SRU] newton stable releases	heat (Ubuntu Yakkety)	Undecided	Fix Released
1688557	[SRU] newton stable releases	horizon (Ubuntu Yakkety)	Undecided	Fix Released
1688557	[SRU] newton stable releases	neutron (Ubuntu Yakkety)	Undecided	Fix Released
1688557	[SRU] newton stable releases	neutron-fwaas (Ubuntu Yakkety)	Undecided	Fix Released
1688557	[SRU] newton stable releases	neutron-lbaas (Ubuntu Yakkety)	Undecided	Fix Released
1688557	[SRU] newton stable releases	nova (Ubuntu Yakkety)	Undecided	Fix Released
1688557	[SRU] newton stable releases	Ubuntu Cloud Archive	Undecided	Invalid
1688557	[SRU] newton stable releases	Ubuntu Cloud Archive newton	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-7214

Related bugs and status

Related bugs

References