oslo.middleware Information Disclosure vulnerability
Moderate severity
GitHub Reviewed
Published
Jul 13, 2018
to the GitHub Advisory Database
•
Updated Aug 17, 2023
Package
Affected versions
< 3.8.1
>= 3.9.0, < 3.19.1
>= 3.20.0, < 3.23.1
Patched versions
3.8.1
3.19.1
3.23.1
Description
Published by the National Vulnerability Database
May 8, 2018
Published to the GitHub Advisory Database
Jul 13, 2018
Reviewed
Jun 16, 2020
Last updated
Aug 17, 2023
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
References