All the vulnerabilites related to openstack - trove
cve-2014-7231
Vulnerability from cvelistv5
Published
2014-10-08 19:00
Modified
2024-08-06 12:40
Severity ?
EPSS score ?
Summary
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2014/q3/853 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96726 | vdb-entry, x_refsource_XF | |
| http://rhn.redhat.com/errata/RHSA-2014-1939.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugs.launchpad.net/oslo.utils/+bug/1345233 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/70184 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140929 Re: CVE request for vulnerability in OpenStack Cinder, Nova and Trove",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/853"
},
{
"name": "openstack-nova-cve20147231-info-disc(96726)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96726"
},
{
"name": "RHSA-2014:1939",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1939.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/oslo.utils/+bug/1345233"
},
{
"name": "70184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140929 Re: CVE request for vulnerability in OpenStack Cinder, Nova and Trove",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/853"
},
{
"name": "openstack-nova-cve20147231-info-disc(96726)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96726"
},
{
"name": "RHSA-2014:1939",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1939.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/oslo.utils/+bug/1345233"
},
{
"name": "70184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70184"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140929 Re: CVE request for vulnerability in OpenStack Cinder, Nova and Trove",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/853"
},
{
"name": "openstack-nova-cve20147231-info-disc(96726)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96726"
},
{
"name": "RHSA-2014:1939",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1939.html"
},
{
"name": "https://bugs.launchpad.net/oslo.utils/+bug/1345233",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/oslo.utils/+bug/1345233"
},
{
"name": "70184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70184"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7231",
"datePublished": "2014-10-08T19:00:00",
"dateReserved": "2014-09-29T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3156
Vulnerability from cvelistv5
Published
2017-08-11 21:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/mysql/service.py#L790"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L110"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/service.py#L230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L55"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/trove/+bug/1398195"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/experimental/couchbase_impl.py#L30"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/mongodb/service.py#L176"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/mysql_impl.py#L194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216073"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/redis/service.py#L236"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-11T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/mysql/service.py#L790"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L110"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/service.py#L230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L55"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/trove/+bug/1398195"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/experimental/couchbase_impl.py#L30"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/mongodb/service.py#L176"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/mysql_impl.py#L194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216073"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/redis/service.py#L236"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3156",
"datePublished": "2017-08-11T21:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-7230
Vulnerability from cvelistv5
Published
2014-10-08 19:00
Modified
2024-08-06 12:40
Severity ?
EPSS score ?
Summary
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2014/q3/853 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96725 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/70185 | vdb-entry, x_refsource_BID | |
| https://bugs.launchpad.net/oslo-incubator/+bug/1343604 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2014-1939.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.ubuntu.com/usn/USN-2405-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140929 Re: CVE request for vulnerability in OpenStack Cinder, Nova and Trove",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/853"
},
{
"name": "openstack-cinder-cve20147230-info-disc(96725)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96725"
},
{
"name": "70185",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/oslo-incubator/+bug/1343604"
},
{
"name": "RHSA-2014:1939",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1939.html"
},
{
"name": "USN-2405-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2405-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140929 Re: CVE request for vulnerability in OpenStack Cinder, Nova and Trove",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/853"
},
{
"name": "openstack-cinder-cve20147230-info-disc(96725)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96725"
},
{
"name": "70185",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/oslo-incubator/+bug/1343604"
},
{
"name": "RHSA-2014:1939",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1939.html"
},
{
"name": "USN-2405-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2405-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140929 Re: CVE request for vulnerability in OpenStack Cinder, Nova and Trove",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/853"
},
{
"name": "openstack-cinder-cve20147230-info-disc(96725)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96725"
},
{
"name": "70185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70185"
},
{
"name": "https://bugs.launchpad.net/oslo-incubator/+bug/1343604",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/oslo-incubator/+bug/1343604"
},
{
"name": "RHSA-2014:1939",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1939.html"
},
{
"name": "USN-2405-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2405-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7230",
"datePublished": "2014-10-08T19:00:00",
"dateReserved": "2014-09-29T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-10-08 19:55
Modified
2024-11-21 02:16
Severity ?
Summary
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC66A4A-2D3E-432A-B642-861B45B4AC35",
"versionEndExcluding": "2013.2.4",
"versionStartIncluding": "2013.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "895976CB-E362-45E6-872B-B1A060A2E1A0",
"versionEndExcluding": "2014.1.3",
"versionStartIncluding": "2014.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D50F1D-BB54-4193-9D5E-3D558C34F897",
"versionEndExcluding": "2013.2.4",
"versionStartIncluding": "2013.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82FE6CB2-DF2F-4BFF-A27B-06FFE3195178",
"versionEndExcluding": "2014.1.3",
"versionStartIncluding": "2014.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDF6737-0BFE-4958-829D-250745A8742E",
"versionEndExcluding": "2013.2.4",
"versionStartIncluding": "2013.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6496CBDF-E0C1-421A-BA81-61E76C972455",
"versionEndExcluding": "2014.1.3",
"versionStartIncluding": "2014.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log."
},
{
"lang": "es",
"value": "La funci\u00f3n processutils.execute en OpenStack oslo-incubator, Cinder, Nova, y Trove anterior a 2013.2.4 y 2014.1 anterior a 2014.1.3 permite a usuarios locales obtener contrase\u00f1as de comandos que causan un error de ejecuci\u00f3n de proceso (ProcessExecutionError) mediante la lectura del registro."
}
],
"id": "CVE-2014-7230",
"lastModified": "2024-11-21T02:16:34.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-08T19:55:04.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1939.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q3/853"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70185"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2405-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/oslo-incubator/+bug/1343604"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1939.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q3/853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2405-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/oslo-incubator/+bug/1343604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96725"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-11 21:29
Modified
2024-11-21 02:28
Severity ?
Summary
The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C58A67C0-6187-457B-B115-F785CE64C4E5",
"versionEndIncluding": "2014.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file."
},
{
"lang": "es",
"value": "La funci\u00f3n _write_config en trove/guestagent/datastore/experimental/mongodb/service.py, la funci\u00f3n reset_configuration en trove/guestagent/datastore/experimental/postgresql/service/config.py, la funci\u00f3n write_config en trove/guestagent/datastore/experimental/redis/service.py, la funci\u00f3n _write_mycnf en trove/guestagent/datastore/mysql/service.py, la funci\u00f3n InnoBackupEx::_run_prepare en trove/guestagent/strategies/restore/mysql_impl.py, la funci\u00f3n InnoBackupEx::cmd en trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd en trove/guestagent/strategies/backup/mysql_impl.py, la funci\u00f3n InnoBackupExIncremental::cmd en trove/guestagent/strategies/backup/mysql_impl.py, la funci\u00f3n _get_actual_db_status en trove/guestagent/datastore/experimental/cassandra/system.py y trove/guestagent/datastore/experimental/cassandra/service.py, y m\u00faltiples m\u00e9todos de clase CbBackup en trove/guestagent/strategies/backup/experimental/couchbase_impl.py en Openstack DBaaS (tambi\u00e9n llamado Trove) tal y como est\u00e1 empaquetado en Openstack en versiones anteriores a la 2015.1.0 (tambi\u00e9n llamada Kilo) permite que usuarios locales escriban en archivos de configuraci\u00f3n mediante un ataque symlink en un archivo temporal."
}
],
"id": "CVE-2015-3156",
"lastModified": "2024-11-21T02:28:47.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-11T21:29:00.260",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugs.launchpad.net/trove/+bug/1398195"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216073"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/service.py#L230"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/mongodb/service.py#L176"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/redis/service.py#L236"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/mysql/service.py#L790"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/experimental/couchbase_impl.py#L30"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L110"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L36"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L55"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/mysql_impl.py#L194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugs.launchpad.net/trove/+bug/1398195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/service.py#L230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/mongodb/service.py#L176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/redis/service.py#L236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/mysql/service.py#L790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/experimental/couchbase_impl.py#L30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/mysql_impl.py#L194"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-08 19:55
Modified
2024-11-21 02:16
Severity ?
Summary
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC66A4A-2D3E-432A-B642-861B45B4AC35",
"versionEndExcluding": "2013.2.4",
"versionStartIncluding": "2013.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "895976CB-E362-45E6-872B-B1A060A2E1A0",
"versionEndExcluding": "2014.1.3",
"versionStartIncluding": "2014.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D50F1D-BB54-4193-9D5E-3D558C34F897",
"versionEndExcluding": "2013.2.4",
"versionStartIncluding": "2013.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82FE6CB2-DF2F-4BFF-A27B-06FFE3195178",
"versionEndExcluding": "2014.1.3",
"versionStartIncluding": "2014.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDF6737-0BFE-4958-829D-250745A8742E",
"versionEndExcluding": "2013.2.4",
"versionStartIncluding": "2013.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6496CBDF-E0C1-421A-BA81-61E76C972455",
"versionEndExcluding": "2014.1.3",
"versionStartIncluding": "2014.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log."
},
{
"lang": "es",
"value": "La funci\u00f3n strutils.mask_password en la librar\u00eda de utilidades de OpenStack Oslo, Cinder, Nova, y Trove anterior a 2013.2.4 y 2014.1 anterior a 2014.1.3 no enmasca debidamente contrase\u00f1as cuando registra comandos, lo que permite a usuarios locales obtener contrase\u00f1as mediante la lectura del registro."
}
],
"id": "CVE-2014-7231",
"lastModified": "2024-11-21T02:16:34.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-08T19:55:04.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1939.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q3/853"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70184"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/oslo.utils/+bug/1345233"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1939.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q3/853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/oslo.utils/+bug/1345233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96726"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}