Vulnerability Details : CVE-2017-7214
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
Products affected by CVE-2017-7214
- cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7214
0.65%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-7214
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-7214
-
The product writes sensitive information to a log file.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-7214
-
https://access.redhat.com/errata/RHSA-2017:1508
RHSA-2017:1508 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2017:1595
RHSA-2017:1595 - Security Advisory - Red Hat Customer Portal
-
https://launchpad.net/bugs/1673569
Bug #1673569 “[OSSA-2017-002] Failed notification payload is dum...” : Bugs : OpenStack Compute (nova)Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/96998
OpenStack Nova CVE-2017-7214 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
Jump to