Home > Vulnerability Database > CVE-2014-7231

Mend.io Vulnerability Database

CVE-2014-7231

Good to know:

Date: October 8, 2014

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

Language: Python

Severity Score

4.0

Related Resources (8)

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/96726

Url: https://github.com/openstack/oslo.utils

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-7231

Url: http://rhn.redhat.com/errata/RHSA-2014-1939.html

Url: https://bugs.launchpad.net/oslo.utils/+bug/1345233

Url: http://seclists.org/oss-sec/2014/q3/853

Url: http://www.securityfocus.com/bid/70184

Url: https://www.mend.io/vulnerability-database/CVE-2014-7231

Severity Score

4.0

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version oslo.utils - 0.2.0

Learn More

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-7231

Good to know:

Date: October 8, 2014

Language: Python

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?