CVE-2017-2592: Inclusion of Sensitive Information in Log Files
python-oslo-middleware is vulnerable to information disclosure. Software using the CatchError class could include sensitive values in a traceback’s error message. System users could exploit this flaw to obtain sensitive information (for example, keystone tokens) from OpenStack component error logs.
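The sketch below is an added example, not oslo.middleware code: a hypothetical catch-all WSGI middleware (`CatchErrorsSketch`) that logs the failing request next to the traceback, with a switch showing the log line with and without token headers masked. The header pattern, the helper names and the sample token are assumptions constructed for illustration.

```python
import io
import logging
import re

# Assumption: secrets travel in X-<Name>-Token headers (e.g. X-Auth-Token).
_TOKEN_RE = re.compile(r"^(X-[\w-]*Token):.*$", re.IGNORECASE | re.MULTILINE)

def request_text(environ):
    """Render the request line and HTTP headers of a WSGI environ as text."""
    lines = ["%s %s" % (environ["REQUEST_METHOD"], environ["PATH_INFO"])]
    for key, value in sorted(environ.items()):
        if key.startswith("HTTP_"):
            lines.append("%s: %s" % (key[5:].replace("_", "-").title(), value))
    return "\n".join(lines)

def redact(text):
    """Mask the value of every token header, keeping the header name."""
    return _TOKEN_RE.sub(r"\1: <removed>", text)

class CatchErrorsSketch:
    """Hypothetical catch-all WSGI middleware; names are illustrative."""
    def __init__(self, app, logger, redact_tokens=True):
        self.app, self.logger, self.redact_tokens = app, logger, redact_tokens

    def __call__(self, environ, start_response):
        try:
            return self.app(environ, start_response)
        except Exception:
            text = request_text(environ)
            if self.redact_tokens:
                text = redact(text)
            # logger.exception appends the traceback to this message.
            self.logger.exception("Error while processing request:\n%s", text)
            start_response("500 Internal Server Error", [("Content-Type", "text/plain")])
            return [b"Internal Server Error"]

def demo(redact_tokens):
    """Run a failing app through the middleware and return the log output."""
    stream = io.StringIO()
    logger = logging.getLogger("demo.%s" % redact_tokens)
    logger.propagate = False
    logger.handlers = [logging.StreamHandler(stream)]
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/v3/users",
               "HTTP_X_AUTH_TOKEN": "constructed-token-123"}  # constructed sample
    def failing_app(env, start_response):
        raise RuntimeError("backend unavailable")
    CatchErrorsSketch(failing_app, logger, redact_tokens)(environ, lambda s, h: None)
    return stream.getvalue()
```

Masking at the point where the message is built keeps the token out of every handler attached to the logger; values embedded in the exception text itself are not covered by this filter.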