CVE-2019-14433

CVE Database · CVE-2019-14433

CVE-2019-14433

· MEDIUMModified

CVSS v3.1

6.5

EPSS

1.93%

Published

Aug 9, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-209

Affected Products (10)

openstack · nova (up to 17.0.12)vulnerable

openstack · nova (up to 18.2.2)vulnerable

openstack · nova (up to 19.0.2)vulnerable

canonical · ubuntu_linuxvulnerable

redhat · openstackvulnerable

debian · debian_linux

References (16)