Headline

CVE-2022-0718: CVE-2022-0718

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.

2 years ago

CVE

Open in Source

#web #ubuntu #debian #red_hat #git

Name

CVE-2022-0718

Source

CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package

Release

Version

Status

python-oslo.utils (PTS)

buster

3.36.5-0+deb10u1

vulnerable

bullseye

4.6.0-2

vulnerable

bookworm, sid

4.12.3-1

fixed

The information below is based on the following data on fixed versions.

Package

Type

Release

Fixed Version

Urgency

Origin

Debian Bugs

python-oslo.utils

source

(unstable)

4.10.1-1

Notes

[bullseye] - python-oslo.utils <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=2056850
https://bugs.launchpad.net/oslo.utils/+bug/1949623
Fixed by: https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa (4.12.1)
Fixed by: https://opendev.org/openstack/oslo.utils/commit/5ce8a7f0f8ecec7a85a23ec3d7a7fb1cad14ceba (4.10.1)

Related news

Red Hat Security Advisory 2022-8873-01

Red Hat Security Advisory 2022-8873-01 - An update for python-oslo-utils is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

1 year ago

Packet Storm

Open in Source

#vulnerability #linux #red_hat #js

RHSA-2022:8873: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (python-oslo-utils) security update

An update for python-oslo-utils is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0718: python-oslo-utils: incorrect password masking in debug output

1 year ago

Red Hat Security Data

Open in Source