CVE-2017-2592

Summary

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).

Affected Software

VendorProductVersion RangeStatus
unspecifiedpython-oslo-middlewarepython-oslo-middleware 3.8.1affected
unspecifiedpython-oslo-middlewarepython-oslo-middleware 3.19.1affected
unspecifiedpython-oslo-middlewarepython-oslo-middleware 3.23.1affected

Weaknesses

  • CWE-532: CWE-532

ADP Enrichment

CVE Program Container

Additional References

References