Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | Mirantis OpenStack |
Critical
|
Roman Lubianyi | ||
| | 7.0.x |
Critical
|
Roman Lubianyi | ||
Bug Description
Check whether 9.x-Mitaka is vulnerable to the CVE: [OSSA-2019-003] Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433)
Details:
:Date: August 06, 2019
:CVE: CVE-2019-14433
Affects
~~~~~~~
- Nova: <17.0.12,
Description
~~~~~~~~~~~
Donny Davis with Intel reported a vulnerability in Nova Compute
resource fault handling. If an API request from an authenticated user
ends in a fault condition due to an external exception, details of the
underlying environment may be leaked in the response and could include
sensitive configuration or other data.
Patches
~~~~~~~
- https:/
- https:/
- https:/
- https:/
- https:/
- https:/
Credits
~~~~~~~
- Donny Davis from Intel (CVE-2019-14433)
References
~~~~~~~~~~
- https:/
- http://
| Changed in mos: | |
| assignee: | MOS Maintenance (mos-maintenance) → Roman Lubianyi (rlubianyi) |
| Denis Meltsaykin (dmeltsaykin) wrote : | #2 |
Fix for Kilo is commited: https:/
| Pavel Glazov (pglazovv) wrote : | #3 |
Verified
Error message for non-admin users:
Fault OSError
Message Code 500
| Changed in mos: | |
| status: | Fix Committed → Fix Released |
| information type: | Private Security → Public Security |
https:/