CVE-2017-2592

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).

References

Affected packages

Git / github.com/openstack/oslo.middleware

Affected ranges

Type

GIT

Repo

https://github.com/openstack/oslo.middleware

Events

Introduced

Last affected

8ecaab7d2df6f05dbcd4b48b3c4d12a462161681

Introduced

d5974a05f7aa9b8d5406003f1fb9ac6290fe6f0e

Last affected

ddbb2e42c0d66e01c7851f4a00df11b5a693d77c

Introduced

cc9810787ea953ed0625284cd73423574e487b97

Last affected

5307c7e43f32ff4d3c1b3a742718f6085296fdf6

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.8.0"
        },
        {
            "introduced": "3.9.0"
        },
        {
            "last_affected": "3.19.0"
        },
        {
            "introduced": "3.20.0"
        },
        {
            "last_affected": "3.23.0"
        }
    ]
}

Affected versions

0.*

0.1.0

0.2.0

0.3.0

0.4.0

0.5.0

1.*

1.0.0

1.1.0

1.2.0

1.3.0

2.*

2.0.0

2.1.0

2.10.0

2.11.0

2.2.0

2.3.0

2.4.0

2.5.0

2.6.0

2.6.1

2.7.0

2.8.0

2.9.0

3.*

3.0.0

3.1.0

3.10.0

3.11.0

3.12.0

3.13.0

3.14.0

3.15.0

3.16.0

3.17.0

3.18.0

3.19.0

3.2.0

3.20.0

3.21.0

3.22.0

3.23.0

3.3.0

3.4.0

3.5.0

3.6.0

3.7.0

3.8.0

3.9.0

Other

juno-eol

kilo-eol

liberty-eol

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2592.json"