From 6b0b3a50e69e0a8f6f3207ed15a2aaaa30391580 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley
Date: Tue, 6 Aug 2019 14:43:44 +0000
Subject: [PATCH] Add OSSA-2019-003 (CVE-2019-14433)

Change-Id: I22c4b17a0ad1b6197a97c6b2670fe5d1a6a7406f
Related-Bug: #1837877
---
ossa/OSSA-2019-003.yaml | 60 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 ossa/OSSA-2019-003.yaml

diff --git a/ossa/OSSA-2019-003.yaml b/ossa/OSSA-2019-003.yaml
new file mode 100644
index 0000000..f2bbe84
--- /dev/null
+++ b/ossa/OSSA-2019-003.yaml
@@ -0,0 +1,60 @@
+date: 2019-08-06
+
+id: OSSA-2019-003
+
+title: Nova Server Resource Faults Leak External Exception Details
+
+description: >
+ Donny Davis with Intel reported a vulnerability in Nova Compute
+ resource fault handling. If an API request from an authenticated
+ user ends in a fault condition due to an external exception, details
+ of the underlying environment may be leaked in the response and
+ could include sensitive configuration or other data.
+
+affected-products:
+
+ - product: Nova
+ version: '<17.0.12,>=18.0.0<18.2.2,>=19.0.0<19.0.2'
+
+vulnerabilities:
+
+ - cve-id: CVE-2019-14433
+
+reporters:
+
+ - name: Donny Davis
+ affiliation: Intel
+ reported:
+ - CVE-2019-14433
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1837877
+
+reviews:
+
+ train:
+ - https://review.openstack.org/674821
+
+ stein:
+ - https://review.openstack.org/674828
+
+ rocky:
+ - https://review.openstack.org/674848
+
+ queens:
+ - https://review.openstack.org/674859
+
+ pike:
+ - https://review.openstack.org/674877
+
+ ocata:
+ - https://review.openstack.org/674908
+
+ type: gerrit
+
+notes:
+ - The stable/ocata and stable/pike branches are under extended
+ maintenance and will receive no new point releases, but patches
+ for them are provided as a courtesy.
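Review bot: The six URLs under `reviews:` use the `review.openstack.org` host, which, as far as I can tell, has only been a redirect to the OpenDev Gerrit since the April 2019 migration. Every patch link in the published advisory would therefore depend on that redirect staying in place. Operators follow these links to fetch the fix for their branch, so I would point them at the canonical host directly, e.g. `- https://review.opendev.org/674821`, and likewise for the stein, rocky, queens, pike and ocata entries. Separately, the indentation of the new file is lost in this rendering of the patch, so the nesting of `type: gerrit` under `reviews:` could not be checked here.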