Launchpad.net

CVE 2014-7230

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

Related bugs and status

CVE-2014-7230 (Candidate) is related to these bugs:

Bug #1343604: Exceptions thrown, and messages logged by execute() may include passwords (CVE-2014-7230)

		In	Importance	Status
1343604	Exceptions thrown, and messages logged by execute() may include passwords (CVE-2014-7230)	oslo-incubator	Medium	Fix Released
1343604	Exceptions thrown, and messages logged by execute() may include passwords (CVE-2014-7230)	OpenStack DBaaS (Trove)	Medium	Fix Released
1343604	Exceptions thrown, and messages logged by execute() may include passwords (CVE-2014-7230)	Cinder	Medium	Fix Released
1343604	Exceptions thrown, and messages logged by execute() may include passwords (CVE-2014-7230)	OpenStack Compute (nova)	Medium	Fix Released
1343604	Exceptions thrown, and messages logged by execute() may include passwords (CVE-2014-7230)	OpenStack Compute (nova) icehouse	Medium	Fix Released
1343604	Exceptions thrown, and messages logged by execute() may include passwords (CVE-2014-7230)	OpenStack Compute (nova) havana	Medium	Fix Released
1343604	Exceptions thrown, and messages logged by execute() may include passwords (CVE-2014-7230)	Cinder icehouse	Medium	Fix Released
1343604	Exceptions thrown, and messages logged by execute() may include passwords (CVE-2014-7230)	Cinder havana	Medium	Fix Released
1343604	Exceptions thrown, and messages logged by execute() may include passwords (CVE-2014-7230)	OpenStack DBaaS (Trove) icehouse	Undecided	Fix Released

Bug #1377981: [OSSA 2014-036] Missing fix for ssh_execute (Exceptions thrown may contain passwords) (CVE-2014-7230, CVE-2014-7231)

		In	Importance	Status
1377981	[OSSA 2014-036] Missing fix for ssh_execute (Exceptions thrown may contain passwords) (CVE-2014-7230, CVE-2014-7231)	Cinder	Medium	Fix Released
1377981	[OSSA 2014-036] Missing fix for ssh_execute (Exceptions thrown may contain passwords) (CVE-2014-7230, CVE-2014-7231)	OpenStack Compute (nova)	Undecided	Fix Released
1377981	[OSSA 2014-036] Missing fix for ssh_execute (Exceptions thrown may contain passwords) (CVE-2014-7230, CVE-2014-7231)	OpenStack Security Advisory	Medium	Fix Released
1377981	[OSSA 2014-036] Missing fix for ssh_execute (Exceptions thrown may contain passwords) (CVE-2014-7230, CVE-2014-7231)	Cinder icehouse	Undecided	Fix Released
1377981	[OSSA 2014-036] Missing fix for ssh_execute (Exceptions thrown may contain passwords) (CVE-2014-7230, CVE-2014-7231)	OpenStack Compute (nova) icehouse	Undecided	Fix Released
1377981	[OSSA 2014-036] Missing fix for ssh_execute (Exceptions thrown may contain passwords) (CVE-2014-7230, CVE-2014-7231)	oslo-incubator	Undecided	Fix Released
1377981	[OSSA 2014-036] Missing fix for ssh_execute (Exceptions thrown may contain passwords) (CVE-2014-7230, CVE-2014-7231)	oslo-incubator icehouse	Undecided	Fix Committed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-7230

Related bugs and status

Related bugs

References