An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "16.04"
},
{
"last_affected": "16.04"
},
{
"introduced": "18.04"
},
{
"last_affected": "18.04"
},
{
"introduced": "19.04"
},
{
"last_affected": "19.04"
}
],
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "canonical:ubuntu_linux"
},
{
"extracted_events": [
{
"introduced": "10.0"
},
{
"last_affected": "10.0"
}
],
"cpes": [
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "debian:debian_linux"
},
{
"extracted_events": [
{
"introduced": "10"
},
{
"last_affected": "10"
},
{
"introduced": "13"
},
{
"last_affected": "13"
},
{
"introduced": "14"
},
{
"last_affected": "14"
}
],
"cpes": [
"cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "redhat:openstack"
}
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "17.0.12"
},
{
"introduced": "18.0.0"
},
{
"fixed": "18.2.2"
},
{
"introduced": "19.0.0"
},
{
"fixed": "19.0.2"
}
],
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*"
}