An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
| Score | Percentile |
|---|---|
| 1.33% | 79.50% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 6.5 | 3.1 | — |
|
| 7.1 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-pg64-r7rr-phv8 ↗ |
| CVE | CVE-2019-14433 ↗ |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| pip | nova | < 17.0.12 | 17.0.12 | — |
| pip | nova | >= 18.0.0, < 18.2.2 | 18.2.2 | — |
| pip | nova | >= 19.0.0, < 19.0.2 | 19.0.2 | — |