CVE 2019-14433
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
Related bugs and status
CVE-2019-14433 (Candidate) is related to these bugs:
Bug #1816468: [SRU] Acceleration cinder - glance with ceph not working
Bug #1833406: nova-compute-qemu package not pulling in proper qemu
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1833406 | nova-compute-qemu package not pulling in proper qemu | nova (Ubuntu) | Medium | Fix Released | ||
| 1833406 | nova-compute-qemu package not pulling in proper qemu | nova (Ubuntu Eoan) | Medium | Fix Released | ||
| 1833406 | nova-compute-qemu package not pulling in proper qemu | nova (Ubuntu Disco) | Medium | Won't Fix | ||
| 1833406 | nova-compute-qemu package not pulling in proper qemu | Ubuntu Cloud Archive | Medium | Fix Released | ||
| 1833406 | nova-compute-qemu package not pulling in proper qemu | Ubuntu Cloud Archive stein | Medium | Fix Released | ||
| 1833406 | nova-compute-qemu package not pulling in proper qemu | Ubuntu Cloud Archive train | Medium | Fix Released | ||
Bug #1837877: [OSSA-2019-003] Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433)
Bug #1848153: [SRU] rocky point releases
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1848153 | [SRU] rocky point releases | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 1848153 | [SRU] rocky point releases | Ubuntu Cloud Archive rocky | High | Fix Released | ||
Bug #1848302: [SRU] queens stable releases
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1848302 | [SRU] queens stable releases | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 1848302 | [SRU] queens stable releases | cinder (Ubuntu) | Undecided | Invalid | ||
| 1848302 | [SRU] queens stable releases | nova (Ubuntu) | Undecided | Invalid | ||
| 1848302 | [SRU] queens stable releases | cinder (Ubuntu Bionic) | High | Fix Released | ||
| 1848302 | [SRU] queens stable releases | nova (Ubuntu Bionic) | High | Fix Released | ||
| 1848302 | [SRU] queens stable releases | Ubuntu Cloud Archive queens | High | Fix Released | ||
Bug #1849192: [SRU] stein stable releases
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1849192 | [SRU] stein stable releases | nova (Ubuntu) | Undecided | Invalid | ||
| 1849192 | [SRU] stein stable releases | nova (Ubuntu Disco) | High | Won't Fix | ||
| 1849192 | [SRU] stein stable releases | cinder (Ubuntu) | Undecided | Invalid | ||
| 1849192 | [SRU] stein stable releases | cinder (Ubuntu Disco) | High | Won't Fix | ||
| 1849192 | [SRU] stein stable releases | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 1849192 | [SRU] stein stable releases | Ubuntu Cloud Archive stein | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
