Redhat : Security Vulnerabilities, CVEs, Published In October 2014 (Information Leak)
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-10-08
Updated
2018-11-16
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-10-08
Updated
2018-11-16
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
Max CVSS
4.0
EPSS Score
0.12%
Published
2014-10-16
Updated
2023-02-13
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
Max CVSS
4.0
EPSS Score
0.12%
Published
2014-10-16
Updated
2023-02-13
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
Max CVSS
5.0
EPSS Score
0.30%
Published
2014-10-16
Updated
2023-02-13
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
Max CVSS
4.0
EPSS Score
0.33%
Published
2014-10-02
Updated
2023-02-13
Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.
Max CVSS
5.0
EPSS Score
0.30%
Published
2014-10-06
Updated
2023-02-13
7 vulnerabilities found