Vulnerability Details : CVE-2019-14433
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
Products affected by CVE-2019-14433
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-14433
0.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-14433
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2019-14433
-
The product generates an error message that includes sensitive information about its environment, users, or associated data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-14433
-
https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html
[SECURITY] [DLA 3109-1] nova security updateMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2631
RHSA-2019:2631 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2622
RHSA-2019:2622 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2652
RHSA-2019:2652 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2019/08/06/6
oss-security - [OSSA-2019-003] Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433)Mailing List;Third Party Advisory
-
https://security.openstack.org/ossa/OSSA-2019-003.html
OpenStack Docs: OSSA-2019-003: Nova Server Resource Faults Leak External Exception DetailsPatch;Vendor Advisory
-
https://usn.ubuntu.com/4104-1/
USN-4104-1: Nova vulnerability | Ubuntu security noticesThird Party Advisory
-
https://launchpad.net/bugs/1837877
Bug #1837877 “[OSSA-2019-003] Nova Server Resource Faults Leak E...” : Bugs : OpenStack Compute (nova)Issue Tracking;Patch;Third Party Advisory
Jump to