Base Score

HIGH7.5

CVE-2018-16856

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateMar 26, 2019, 18:29

Affected Versions(2)

octavia(PyPI)

Introduced0

Fixed2.1.0

LimitN/A

octavia(PyPI)

Introduced3.0.0.0b1

Fixed3.1.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
octavia(PyPI)	0	2.1.0	N/A
octavia(PyPI)	3.0.0.0b1	3.1.0	N/A

Weakness Type (CWE):CWE-532

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856

Base Score

HIGH7.5

Weakness Type (CWE):CWE-532

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE