—

PYSEC-2019-191

Details

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / nova

Introduced in: 19.0.0 Fixed in: 19.0.2

Fix pip install --upgrade 'nova>=17.0.12'

References

http://www.openwall.com/lists/oss-security/2019/08/06/6 [WEB]
https://security.openstack.org/ossa/OSSA-2019-003.html [WEB]
https://launchpad.net/bugs/1837877 [WEB]
https://usn.ubuntu.com/4104-1/ [WEB]
https://access.redhat.com/errata/RHSA-2019:2622 [ADVISORY]
https://access.redhat.com/errata/RHSA-2019:2631 [ADVISORY]
https://access.redhat.com/errata/RHSA-2019:2652 [ADVISORY]