GHSA-pg64-r7rr-phv8

Suggest an improvement
Source
https://github.com/advisories/GHSA-pg64-r7rr-phv8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pg64-r7rr-phv8/GHSA-pg64-r7rr-phv8.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-pg64-r7rr-phv8
Aliases
Published
2022-05-24T16:53:02Z
Modified
2024-10-07T15:23:59.373953Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
OpenStack Nova Server Resource Faults Leak External Exception Details
Details

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.

Database specific 
{
    "severity": "HIGH",
    "github_reviewed": true,
    "nvd_published_at": "2019-08-09T19:15:00Z",
    "github_reviewed_at": "2024-04-29T09:51:39Z",
    "cwe_ids": [
        "CWE-200",
        "CWE-209"
    ]
}
References

Affected packages

PyPI / nova

Package

Name
nova
View open source insights on deps.dev
Purl
pkg:pypi/nova

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.0.12

Affected versions

15.*

15.1.5

16.*

16.1.6
16.1.7
16.1.8

17.*

17.0.7
17.0.8
17.0.9
17.0.10
17.0.11

PyPI / nova

Package

Name
nova
View open source insights on deps.dev
Purl
pkg:pypi/nova

Affected ranges

Type
ECOSYSTEM
Events
Introduced
18.0.0
Fixed
18.2.2

Affected versions

18.*

18.0.2
18.0.3
18.1.0
18.2.0
18.2.1

PyPI / nova

Package

Name
nova
View open source insights on deps.dev
Purl
pkg:pypi/nova

Affected ranges

Type
ECOSYSTEM
Events
Introduced
19.0.0
Fixed
19.0.2

Affected versions

19.*

19.0.0
19.0.1