CVE-2017-2592

EUVD-2018-0109
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
redhatCNA
5.9 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
openstackoslo.middleware
𝑥
≤ 3.8.0
openstackoslo.middleware
3.9.0 ≤
𝑥
≤ 3.19.0
openstackoslo.middleware
3.20.0 ≤
𝑥
≤ 3.23.0
canonicalubuntu_linux
16.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-oslo.middleware
bookworm
5.0.0-2
fixed
bullseye
4.1.1-2
fixed
sid
6.2.0-2
fixed
trixie
6.2.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-oslo.middleware
artful
not-affected
bionic
not-affected
precise
dne
trusty
dne
xenial
Fixed 3.8.0-2ubuntu1
released
yakkety
ignored
zesty
not-affected
Common Weakness Enumeration
References
http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html
http://rhn.redhat.com/errata/RHSA-2017-0300.html
http://rhn.redhat.com/errata/RHSA-2017-0435.html
http://www.securityfocus.com/bid/95827
https://access.redhat.com/errata/RHSA-2017:0300
https://access.redhat.com/errata/RHSA-2017:0435
https://bugs.launchpad.net/keystonemiddleware/+bug/1628031
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592
https://review.openstack.org/#/c/425730/
https://review.openstack.org/#/c/425732/
https://review.openstack.org/#/c/425734/
https://usn.ubuntu.com/3666-1/
http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html
http://rhn.redhat.com/errata/RHSA-2017-0300.html
http://rhn.redhat.com/errata/RHSA-2017-0435.html
http://www.securityfocus.com/bid/95827
https://access.redhat.com/errata/RHSA-2017:0300
https://access.redhat.com/errata/RHSA-2017:0435
https://bugs.launchpad.net/keystonemiddleware/+bug/1628031
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592
https://review.openstack.org/#/c/425730/
https://review.openstack.org/#/c/425732/
https://review.openstack.org/#/c/425734/
https://usn.ubuntu.com/3666-1/