CVE-2022-0718

EUVD-2022-0189
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
openstackoslo.utils
𝑥
< 4.10.1
openstackoslo.utils
4.12.0
redhatopenshift_container_platform
4.0
redhatopenstack_platform
16.1
debiandebian_linux
10.0
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-oslo.utils
bookworm
6.0.1-2
fixed
bullseye
no-dsa
bullseye (security)
vulnerable
sid
7.3.0-2
fixed
trixie
7.3.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-oslo.utils
bionic
Fixed 3.35.0-0ubuntu1.1
released
focal
Fixed 4.1.1-0ubuntu1.1
released
impish
Fixed 4.10.0-0ubuntu1.1
released
jammy
not-affected
trusty
ignored
xenial
Fixed 3.8.0-2ubuntu0.1~esm1
released
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2022-0718
https://bugs.launchpad.net/oslo.utils/+bug/1949623
https://bugzilla.redhat.com/show_bug.cgi?id=2056850
https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html
https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa
https://security-tracker.debian.org/tracker/CVE-2022-0718
https://access.redhat.com/security/cve/CVE-2022-0718
https://bugs.launchpad.net/oslo.utils/+bug/1949623
https://bugzilla.redhat.com/show_bug.cgi?id=2056850
https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html
https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa
https://security-tracker.debian.org/tracker/CVE-2022-0718