Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Mirantis OpenStack | | Critical | Roman Lubianyi | |
7.0.x | | Critical | Roman Lubianyi | |
Bug Description
Check whether 9.x-Mitaka is vulnerable to the CVE: [OSSA-2019-003] Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433)
Details:
:Date: August 06, 2019
:CVE: CVE-2019-14433
Affects
~~~~~~~
- Nova: <17.0.12,
Description
~~~~~~~~~~~
Donny Davis with Intel reported a vulnerability in Nova Compute
resource fault handling. If an API request from an authenticated user
ends in a fault condition due to an external exception, details of the
underlying environment may be leaked in the response and could include
sensitive configuration or other data.
Patches
~~~~~~~
- https:/
- https:/
- https:/
- https:/
- https:/
- https:/
Credits
~~~~~~~
- Donny Davis from Intel (CVE-2019-14433)
References
~~~~~~~~~~
- https:/
- http://
Changed in mos: | |
assignee: | MOS Maintenance (mos-maintenance) → Roman Lubianyi (rlubianyi) |
Denis Meltsaykin (dmeltsaykin) wrote : | #2 |
Fix for Kilo is committed: https:/
Pavel Glazov (pglazovv) wrote : | #3 |
Verified
Error message for non-admin users:
Fault OSError
Message Code 500
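The leak described in the advisory and the post-fix output reported in comment #3, as an added example (not Nova's code and not the Mirantis patch): a fault builder that echoes the exception text, next to one that returns only the exception class name for external exceptions. All function names, `AppError`, the sample path and the admin-only `details` field are assumptions made for this illustration.

```python
# Added illustration; every name here is hypothetical and this is not Nova's code.
import errno


class AppError(Exception):
    """Stands in for an application-defined exception whose text is safe to show."""
    code = 400

    def format_message(self):
        return self.args[0]


def fault_leaky(exc):
    """Behaviour the advisory describes: any exception text reaches the API user."""
    return {"code": getattr(exc, "code", 500), "message": str(exc)}


def fault_sanitized(exc, is_admin=False):
    """Return only the class name for external exceptions.

    Assumption: the original text is kept in a 'details' field for admins only.
    """
    if hasattr(exc, "format_message"):
        message = exc.format_message()      # curated, application-owned text
    else:
        message = exc.__class__.__name__    # external exception: class name only
    fault = {"code": getattr(exc, "code", 500), "message": message}
    if is_admin:
        fault["details"] = str(exc)
    return fault


def sample_external_error():
    """Constructed sample: an OSError whose text carries a backend path."""
    return OSError(errno.EIO, "Input/output error",
                   "/constructed/backend/path/disk.img")


if __name__ == "__main__":
    exc = sample_external_error()
    print("leaky     :", fault_leaky(exc))
    print("non-admin :", fault_sanitized(exc))
    print("admin     :", fault_sanitized(exc, is_admin=True))
    print("app error :", fault_sanitized(AppError("Invalid flavor")))
```

A regression check for this class of bug can assert that the non-admin fault message equals the exception class name and contains no path, hostname or configuration value from the backend.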
Changed in mos: | |
status: | Fix Committed → Fix Released |
information type: | Private Security → Public Security |
https://review.fuel-infra.org/#/c/41430/5