CVE-2019-14433: OpenStack Nova Server Resource Faults Leak External Exception Details
(updated )
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
References
- access.redhat.com/errata/RHSA-2019:2622
- access.redhat.com/errata/RHSA-2019:2631
- access.redhat.com/errata/RHSA-2019:2652
- github.com/advisories/GHSA-pg64-r7rr-phv8
- github.com/openstack/nova
- github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e
- github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml
- launchpad.net/bugs/1837877
- lists.debian.org/debian-lts-announce/2022/09/msg00018.html
- nvd.nist.gov/vuln/detail/CVE-2019-14433
- security.openstack.org/ossa/OSSA-2019-003.html
- usn.ubuntu.com/4104-1
Detect and mitigate CVE-2019-14433 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →