Updated impact description taking into account Liberty EOL, newer master branch releases, and Morgan's and Matthew's suggestions from comments #9 and #10...
Title: CatchErrors leaks sensitive values in oslo.middleware
Reporter: Divya K Konoor (IBM)
Products: oslo.middleware
Affects: <=3.8.0, >=3.9.0 <=3.19.0, >=3.20.0 <=3.22.0
Description:
Divya K Konoor with IBM reported a vulnerability in oslo.middleware. Software using the CatchError class may include sensitive values in the error message accompanying a Traceback, resulting in their disclosure. For example, complete API requests (including keystone tokens in their headers) may leak into neutron error logs.
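The failure mode described above, as an added example that is not oslo.middleware's code or its patch: a stand-alone WSGI error-catching wrapper that logs the failing request with credential-bearing headers masked. The names `CatchErrorsDemo`, `render_request`, `logged_text`, the `SENSITIVE` header set and the sample request are assumptions made for illustration; passing `redact=False` reproduces the leaking behaviour for comparison.

```python
import logging

LOG = logging.getLogger("catch_errors_demo")

# Assumption: WSGI environ keys whose values are credentials; extend as needed.
SENSITIVE = {"HTTP_X_AUTH_TOKEN", "HTTP_X_SUBJECT_TOKEN", "HTTP_X_SERVICE_TOKEN",
             "HTTP_AUTHORIZATION", "HTTP_COOKIE"}

def render_request(environ, redact=True):
    """Render the request line and headers as text, masking credential values."""
    lines = ["%s %s" % (environ.get("REQUEST_METHOD", "-"),
                        environ.get("PATH_INFO", "-"))]
    for key in sorted(k for k in environ if k.startswith("HTTP_")):
        name = key[5:].replace("_", "-").title()
        value = "<removed>" if redact and key in SENSITIVE else environ[key]
        lines.append("%s: %s" % (name, value))
    return "\n".join(lines)

class CatchErrorsDemo:
    """WSGI wrapper that logs the failing request and returns a generic 500."""
    def __init__(self, app, redact=True):
        self.app, self.redact = app, redact

    def __call__(self, environ, start_response):
        try:
            return self.app(environ, start_response)
        except Exception:
            LOG.exception("An error occurred during processing the request: %s",
                          render_request(environ, self.redact))
            start_response("500 Internal Server Error", [("Content-Type", "text/plain")])
            return [b"Internal Server Error"]

def failing_app(environ, start_response):
    raise RuntimeError("backend failure")  # stands in for any unhandled error

def logged_text(redact):
    """Send one constructed request through the wrapper; return (log text, body)."""
    records = []
    handler = logging.Handler()
    handler.emit = lambda record: records.append(record.getMessage())
    LOG.addHandler(handler)
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/v2.0/networks",
               "HTTP_ACCEPT": "application/json",
               "HTTP_X_AUTH_TOKEN": "constructed-token-123"}  # constructed sample
    try:
        body = CatchErrorsDemo(failing_app, redact)(environ, lambda s, h: None)
    finally:
        LOG.removeHandler(handler)
    return records[0], body
```

Header masking covers only the case the description names; request bodies and query strings can carry secrets too and need their own handling before they reach a log.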