CVE-2022-0718

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
openstackoslo.utils
𝑥
< 4.10.1
openstackoslo.utils
4.12.0
redhatopenshift_container_platform
4.0
redhatopenstack_platform
16.1
debiandebian_linux
10.0
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-oslo.utils
bullseye
no-dsa
bullseye (security)
vulnerable
bookworm
6.0.1-2
fixed
sid
7.3.0-2
fixed
trixie
7.3.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-oslo.utils
jammy
not-affected
impish
Fixed 4.10.0-0ubuntu1.1
released
focal
Fixed 4.1.1-0ubuntu1.1
released
bionic
Fixed 3.35.0-0ubuntu1.1
released
xenial
Fixed 3.8.0-2ubuntu0.1~esm1
released
trusty
ignored
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2022-0718
https://bugs.launchpad.net/oslo.utils/+bug/1949623
https://bugzilla.redhat.com/show_bug.cgi?id=2056850
https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html
https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa
https://security-tracker.debian.org/tracker/CVE-2022-0718
https://access.redhat.com/security/cve/CVE-2022-0718
https://bugs.launchpad.net/oslo.utils/+bug/1949623
https://bugzilla.redhat.com/show_bug.cgi?id=2056850
https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html
https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa
https://security-tracker.debian.org/tracker/CVE-2022-0718