Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjcDgtaGg3NC1mNm1j
oslo.middleware Information Disclosure vulnerability
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
Permalink: https://github.com/advisories/GHSA-xcp8-hh74-f6mcJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjcDgtaGg3NC1mNm1j
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 6 years ago
Updated: 2 months ago
CVSS Score: 5.5
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Percentage: 0.00062
EPSS Percentile: 0.27561
Identifiers: GHSA-xcp8-hh74-f6mc, CVE-2017-2592
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-2592
- https://github.com/advisories/GHSA-xcp8-hh74-f6mc
- https://access.redhat.com/errata/RHSA-2017:0300
- https://access.redhat.com/errata/RHSA-2017:0435
- https://bugs.launchpad.net/keystonemiddleware/+bug/1628031
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592
- https://github.com/pypa/advisory-database/tree/main/vulns/oslo-middleware/PYSEC-2018-104.yaml
- http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html
- http://rhn.redhat.com/errata/RHSA-2017-0300.html
- http://rhn.redhat.com/errata/RHSA-2017-0435.html
- https://review.openstack.org/#/c/425730
- https://review.openstack.org/#/c/425732
- https://review.openstack.org/#/c/425734
- https://usn.ubuntu.com/3666-1
Affected Packages
pypi:oslo-middleware
Dependent packages: 49Dependent repositories: 355
Downloads: 120,373 last month
Affected Version Ranges: >= 3.20.0, < 3.23.1, >= 0, < 3.8.1, >= 3.9.0, < 3.19.1
Fixed in: 3.23.1, 3.8.1, 3.19.1
All affected versions:
All unaffected versions:
pypi:oslo.middleware
Dependent packages: 49Dependent repositories: 355
Downloads: 120,373 last month
Affected Version Ranges: >= 3.20.0, < 3.23.1, >= 3.9.0, < 3.19.1, < 3.8.1
Fixed in: 3.23.1, 3.19.1, 3.8.1
All affected versions: 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.6.1, 2.7.0, 2.8.0, 2.9.0, 2.10.0, 2.11.0, 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, 3.5.0, 3.6.0, 3.7.0, 3.8.0, 3.9.0, 3.10.0, 3.11.0, 3.12.0, 3.13.0, 3.14.0, 3.15.0, 3.16.0, 3.17.0, 3.18.0, 3.19.0, 3.20.0, 3.21.0, 3.22.0, 3.23.0
All unaffected versions: 3.8.1, 3.19.1, 3.23.1, 3.23.2, 3.23.3, 3.24.0, 3.25.0, 3.26.0, 3.27.0, 3.28.0, 3.29.0, 3.29.1, 3.29.2, 3.30.0, 3.30.1, 3.30.2, 3.31.0, 3.32.0, 3.32.1, 3.33.0, 3.34.0, 3.35.0, 3.36.0, 3.37.0, 3.37.1, 3.38.0, 3.38.1, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.3.0, 4.4.0, 4.5.0, 4.5.1, 5.0.0, 5.1.0, 5.1.1, 5.2.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0