CVE-2014-7231

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
openstackcinder
2013.2 ≤
𝑥
< 2013.2.4
openstackcinder
2014.1 ≤
𝑥
< 2014.1.3
openstacknova
2013.2 ≤
𝑥
< 2013.2.4
openstacknova
2014.1 ≤
𝑥
< 2014.1.3
openstacktrove
2013.2 ≤
𝑥
< 2013.2.4
openstacktrove
2014.1 ≤
𝑥
< 2014.1.3
redhatopenstack
5.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-oslo.utils
bullseye
4.6.0-2
fixed
bullseye (security)
4.6.1-0+deb11u1
fixed
bookworm
6.0.1-2
fixed
sid
7.3.0-2
fixed
trixie
7.3.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-oslo.utils
trusty
dne
precise
dne
lucid
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2014-1939.html
http://seclists.org/oss-sec/2014/q3/853
http://www.securityfocus.com/bid/70184
https://bugs.launchpad.net/oslo.utils/+bug/1345233
https://exchange.xforce.ibmcloud.com/vulnerabilities/96726
http://rhn.redhat.com/errata/RHSA-2014-1939.html
http://seclists.org/oss-sec/2014/q3/853
http://www.securityfocus.com/bid/70184
https://bugs.launchpad.net/oslo.utils/+bug/1345233
https://exchange.xforce.ibmcloud.com/vulnerabilities/96726