Vulnerability Details CVE-2019-14433
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://www.openwall.com/lists/oss-security/2019/08/06/6
- https://access.redhat.com/errata/RHSA-2019:2622
- https://access.redhat.com/errata/RHSA-2019:2631
- https://access.redhat.com/errata/RHSA-2019:2652
- https://launchpad.net/bugs/1837877
- https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html
- https://security.openstack.org/ossa/OSSA-2019-003.html
- https://usn.ubuntu.com/4104-1/
- http://www.openwall.com/lists/oss-security/2019/08/06/6
- https://access.redhat.com/errata/RHSA-2019:2622
- https://access.redhat.com/errata/RHSA-2019:2631
- https://access.redhat.com/errata/RHSA-2019:2652
- https://launchpad.net/bugs/1837877
- https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html
- https://security.openstack.org/ossa/OSSA-2019-003.html
- https://usn.ubuntu.com/4104-1/
Products affected by CVE-2019-14433
-
cpe:2.3:a:openstack:nova:-
-
cpe:2.3:a:openstack:nova:0.9.0
-
cpe:2.3:a:openstack:nova:12.0.0
-
cpe:2.3:a:openstack:nova:12.0.1
-
cpe:2.3:a:openstack:nova:12.0.2
-
cpe:2.3:a:openstack:nova:12.0.3
-
cpe:2.3:a:openstack:nova:12.0.4
-
cpe:2.3:a:openstack:nova:12.0.5
-
cpe:2.3:a:openstack:nova:12.0.6
-
cpe:2.3:a:openstack:nova:13.0.0
-
cpe:2.3:a:openstack:nova:13.1.0
-
cpe:2.3:a:openstack:nova:13.1.1
-
cpe:2.3:a:openstack:nova:13.1.2
-
cpe:2.3:a:openstack:nova:13.1.3
-
cpe:2.3:a:openstack:nova:13.1.4
-
cpe:2.3:a:openstack:nova:14.0.0
-
cpe:2.3:a:openstack:nova:14.0.1
-
cpe:2.3:a:openstack:nova:14.0.10
-
cpe:2.3:a:openstack:nova:14.0.2
-
cpe:2.3:a:openstack:nova:14.0.3
-
cpe:2.3:a:openstack:nova:14.0.4
-
cpe:2.3:a:openstack:nova:14.0.5
-
cpe:2.3:a:openstack:nova:14.0.6
-
cpe:2.3:a:openstack:nova:14.0.7
-
cpe:2.3:a:openstack:nova:14.0.8
-
cpe:2.3:a:openstack:nova:14.0.9
-
cpe:2.3:a:openstack:nova:14.1.0
-
cpe:2.3:a:openstack:nova:15.0.0
-
cpe:2.3:a:openstack:nova:15.0.1
-
cpe:2.3:a:openstack:nova:15.0.2
-
cpe:2.3:a:openstack:nova:15.0.3
-
cpe:2.3:a:openstack:nova:15.0.4
-
cpe:2.3:a:openstack:nova:15.0.5
-
cpe:2.3:a:openstack:nova:15.0.6
-
cpe:2.3:a:openstack:nova:15.0.7
-
cpe:2.3:a:openstack:nova:15.0.8
-
cpe:2.3:a:openstack:nova:15.1.0
-
cpe:2.3:a:openstack:nova:15.1.1
-
cpe:2.3:a:openstack:nova:15.1.2
-
cpe:2.3:a:openstack:nova:15.1.3
-
cpe:2.3:a:openstack:nova:15.1.4
-
cpe:2.3:a:openstack:nova:15.1.5
-
cpe:2.3:a:openstack:nova:16.0.0
-
cpe:2.3:a:openstack:nova:16.0.1
-
cpe:2.3:a:openstack:nova:16.0.2
-
cpe:2.3:a:openstack:nova:16.0.3
-
cpe:2.3:a:openstack:nova:16.0.4
-
cpe:2.3:a:openstack:nova:16.1.0
-
cpe:2.3:a:openstack:nova:16.1.1
-
cpe:2.3:a:openstack:nova:16.1.2
-
cpe:2.3:a:openstack:nova:16.1.3
-
cpe:2.3:a:openstack:nova:16.1.4
-
cpe:2.3:a:openstack:nova:16.1.5
-
cpe:2.3:a:openstack:nova:16.1.6
-
cpe:2.3:a:openstack:nova:16.1.7
-
cpe:2.3:a:openstack:nova:16.1.8
-
cpe:2.3:a:openstack:nova:17.0.0
-
cpe:2.3:a:openstack:nova:17.0.1
-
cpe:2.3:a:openstack:nova:17.0.10
-
cpe:2.3:a:openstack:nova:17.0.11
-
cpe:2.3:a:openstack:nova:17.0.2
-
cpe:2.3:a:openstack:nova:17.0.3
-
cpe:2.3:a:openstack:nova:17.0.4
-
cpe:2.3:a:openstack:nova:17.0.5
-
cpe:2.3:a:openstack:nova:17.0.6
-
cpe:2.3:a:openstack:nova:17.0.7
-
cpe:2.3:a:openstack:nova:17.0.8
-
cpe:2.3:a:openstack:nova:17.0.9
-
cpe:2.3:a:openstack:nova:18.0.0
-
cpe:2.3:a:openstack:nova:18.0.1
-
cpe:2.3:a:openstack:nova:18.0.2
-
cpe:2.3:a:openstack:nova:18.0.3
-
cpe:2.3:a:openstack:nova:18.1.0
-
cpe:2.3:a:openstack:nova:18.2.0
-
cpe:2.3:a:openstack:nova:18.2.1
-
cpe:2.3:a:openstack:nova:19.0.0
-
cpe:2.3:a:openstack:nova:19.0.1
-
cpe:2.3:a:redhat:openstack:10
-
cpe:2.3:a:redhat:openstack:13
-
cpe:2.3:a:redhat:openstack:14
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:19.04
-
cpe:2.3:o:debian:debian_linux:10.0