python-oslo-middleware before versions 3.8.1, 3.19.1, and 3.23.1 is vulnerable to information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information (for example, keystone tokens) from OpenStack component error logs.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| oslo.middleware (PyPI) | 3.9.0 | 3.19.1 | N/A |
| oslo.middleware (PyPI) | 0 | 3.8.1 | N/A |
| oslo.middleware (PyPI) | 3.20.0 | 3.23.1 | N/A |
| oslo-middleware (PyPI) | 3.9.0 | 3.19.1 | N/A |
| oslo-middleware (PyPI) | 0 | 3.8.1 | N/A |
| oslo-middleware (PyPI) | 3.20.0 | 3.23.1 | N/A |
CVSS Metrics