CVE-2017-2592: CVE-2017-2592

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-2592

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

通过日志文件的信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenStack oslo.middleware 信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenStack是美国国家航空航天局（National Aeronautics and Space Administration）和美国Rackspace公司合作研发的一个云平台管理项目。OpenStack oslo.middleware是其中的一个用于wsgi管道中拦截请求或响应流的中间件。 OpenStack oslo.middleware 3.8.1之前版本、3.19.1之前版本和3.23.1之前版本中存在信息泄露漏洞，该漏洞源于CatchError类中包含有敏感值。攻击者可利用该漏洞从OpenS

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
unspecified	python-oslo-middleware	python-oslo-middleware 3.8.1	-

II. Public POCs for CVE-2017-2592

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2017-2592

Please Login to view more intelligence information

http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.htmlx_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592x_refsource_CONFIRM
🔗 https://access.redhat.com/errata/RHSA-2017:0435x_refsource_CONFIRM
https://review.openstack.org/#/c/425730/x_refsource_MISC
https://access.redhat.com/errata/RHSA-2017:0300x_refsource_CONFIRM
https://review.openstack.org/#/c/425732/x_refsource_MISC
https://review.openstack.org/#/c/425734/x_refsource_MISC
🔗 https://bugs.launchpad.net/keystonemiddleware/+bug/1628031x_refsource_MISC
http://www.securityfocus.com/bid/95827vdb-entryx_refsource_BID
🔗 https://usn.ubuntu.com/3666-1/vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2017-0300.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0435.htmlvendor-advisoryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2017-2592

IV. Related Vulnerabilities

Same vendor: unspecified

Same weakness: CWE-532

V. Comments for CVE-2017-2592

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2017-2592

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2017-2592

III. Intelligence Information for CVE-2017-2592

IV. Related Vulnerabilities

V. Comments for CVE-2017-2592

Leave a comment