Vulnerability Details CVE-2017-2592
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.6%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 2.1
References
- http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html
- http://rhn.redhat.com/errata/RHSA-2017-0300.html
- http://rhn.redhat.com/errata/RHSA-2017-0435.html
- http://www.securityfocus.com/bid/95827
- https://access.redhat.com/errata/RHSA-2017:0300
- https://access.redhat.com/errata/RHSA-2017:0435
- https://bugs.launchpad.net/keystonemiddleware/+bug/1628031
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592
- https://review.openstack.org/#/c/425730/
- https://review.openstack.org/#/c/425732/
- https://review.openstack.org/#/c/425734/
- https://usn.ubuntu.com/3666-1/
- http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html
- http://rhn.redhat.com/errata/RHSA-2017-0300.html
- http://rhn.redhat.com/errata/RHSA-2017-0435.html
- http://www.securityfocus.com/bid/95827
- https://access.redhat.com/errata/RHSA-2017:0300
- https://access.redhat.com/errata/RHSA-2017:0435
- https://bugs.launchpad.net/keystonemiddleware/+bug/1628031
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592
- https://review.openstack.org/#/c/425730/
- https://review.openstack.org/#/c/425732/
- https://review.openstack.org/#/c/425734/
- https://usn.ubuntu.com/3666-1/
Products affected by CVE-2017-2592
-
cpe:2.3:a:openstack:oslo.middleware:0.1.0
-
cpe:2.3:a:openstack:oslo.middleware:0.2.0
-
cpe:2.3:a:openstack:oslo.middleware:0.3.0
-
cpe:2.3:a:openstack:oslo.middleware:0.4.0
-
cpe:2.3:a:openstack:oslo.middleware:0.5.0
-
cpe:2.3:a:openstack:oslo.middleware:1.0.0
-
cpe:2.3:a:openstack:oslo.middleware:1.1.0
-
cpe:2.3:a:openstack:oslo.middleware:1.2.0
-
cpe:2.3:a:openstack:oslo.middleware:1.3.0
-
cpe:2.3:a:openstack:oslo.middleware:2.0.0
-
cpe:2.3:a:openstack:oslo.middleware:2.1.0
-
cpe:2.3:a:openstack:oslo.middleware:2.10.0
-
cpe:2.3:a:openstack:oslo.middleware:2.11.0
-
cpe:2.3:a:openstack:oslo.middleware:2.2.0
-
cpe:2.3:a:openstack:oslo.middleware:2.3.0
-
cpe:2.3:a:openstack:oslo.middleware:2.4.0
-
cpe:2.3:a:openstack:oslo.middleware:2.5.0
-
cpe:2.3:a:openstack:oslo.middleware:2.6.0
-
cpe:2.3:a:openstack:oslo.middleware:2.6.1
-
cpe:2.3:a:openstack:oslo.middleware:2.7.0
-
cpe:2.3:a:openstack:oslo.middleware:2.8.0
-
cpe:2.3:a:openstack:oslo.middleware:2.9.0
-
cpe:2.3:a:openstack:oslo.middleware:3.0.0
-
cpe:2.3:a:openstack:oslo.middleware:3.1.0
-
cpe:2.3:a:openstack:oslo.middleware:3.10.0
-
cpe:2.3:a:openstack:oslo.middleware:3.11.0
-
cpe:2.3:a:openstack:oslo.middleware:3.12.0
-
cpe:2.3:a:openstack:oslo.middleware:3.13.0
-
cpe:2.3:a:openstack:oslo.middleware:3.14.0
-
cpe:2.3:a:openstack:oslo.middleware:3.15.0
-
cpe:2.3:a:openstack:oslo.middleware:3.16.0
-
cpe:2.3:a:openstack:oslo.middleware:3.17.0
-
cpe:2.3:a:openstack:oslo.middleware:3.18.0
-
cpe:2.3:a:openstack:oslo.middleware:3.19.0
-
cpe:2.3:a:openstack:oslo.middleware:3.2.0
-
cpe:2.3:a:openstack:oslo.middleware:3.20.0
-
cpe:2.3:a:openstack:oslo.middleware:3.21.0
-
cpe:2.3:a:openstack:oslo.middleware:3.22.0
-
cpe:2.3:a:openstack:oslo.middleware:3.23.0
-
cpe:2.3:a:openstack:oslo.middleware:3.3.0
-
cpe:2.3:a:openstack:oslo.middleware:3.4.0
-
cpe:2.3:a:openstack:oslo.middleware:3.5.0
-
cpe:2.3:a:openstack:oslo.middleware:3.6.0
-
cpe:2.3:a:openstack:oslo.middleware:3.7.0
-
cpe:2.3:a:openstack:oslo.middleware:3.8.0
-
cpe:2.3:a:openstack:oslo.middleware:3.9.0
-
cpe:2.3:o:canonical:ubuntu_linux:16.04