CVE-2017-2592

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
redhatCNA
5.9 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
openstackoslo.middleware
𝑥
≤ 3.8.0
openstackoslo.middleware
3.9.0 ≤
𝑥
≤ 3.19.0
openstackoslo.middleware
3.20.0 ≤
𝑥
≤ 3.23.0
canonicalubuntu_linux
16.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-oslo.middleware
bullseye
4.1.1-2
fixed
bookworm
5.0.0-2
fixed
sid
6.2.0-2
fixed
trixie
6.2.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-oslo.middleware
bionic
not-affected
artful
not-affected
zesty
not-affected
yakkety
ignored
xenial
Fixed 3.8.0-2ubuntu1
released
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html
http://rhn.redhat.com/errata/RHSA-2017-0300.html
http://rhn.redhat.com/errata/RHSA-2017-0435.html
http://www.securityfocus.com/bid/95827
https://access.redhat.com/errata/RHSA-2017:0300
https://access.redhat.com/errata/RHSA-2017:0435
https://bugs.launchpad.net/keystonemiddleware/+bug/1628031
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592
https://review.openstack.org/#/c/425730/
https://review.openstack.org/#/c/425732/
https://review.openstack.org/#/c/425734/
https://usn.ubuntu.com/3666-1/
http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html
http://rhn.redhat.com/errata/RHSA-2017-0300.html
http://rhn.redhat.com/errata/RHSA-2017-0435.html
http://www.securityfocus.com/bid/95827
https://access.redhat.com/errata/RHSA-2017:0300
https://access.redhat.com/errata/RHSA-2017:0435
https://bugs.launchpad.net/keystonemiddleware/+bug/1628031
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592
https://review.openstack.org/#/c/425730/
https://review.openstack.org/#/c/425732/
https://review.openstack.org/#/c/425734/
https://usn.ubuntu.com/3666-1/