CVE Vulnerabilities

CVE-2022-0718

Insufficiently Protected Credentials

Published: Aug 29, 2022 | Modified: Nov 21, 2024
CVSS 3.x: 4.9 MEDIUM (Source: NVD), CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x: (no score listed)
RedHat/V2: (no score listed)
RedHat/V3: 6 MODERATE, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Ubuntu: MEDIUM

A flaw was found in python-oslo-utils. Due to improper parsing, passwords containing a double quote (") are masked incorrectly in debug logs, leaving any part of the password after the double quote in plaintext.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name | Vendor | Start Version | End Version
Oslo.utils | Openstack | * | 4.10.1 (excluding)
Oslo.utils | Openstack | 4.12.0 (including) | 4.12.0 (including)
Red Hat OpenStack Platform 16.1 | RedHat | python-oslo-utils-0:3.41.6-1.20220426095230.f4deaad.el8ost | *
Red Hat OpenStack Platform 16.2 | RedHat | python-oslo-utils-0:3.41.6-2.20220111011750.el8ost | *
Python-oslo.utils | Ubuntu | bionic | *
Python-oslo.utils | Ubuntu | esm-infra/xenial | *
Python-oslo.utils | Ubuntu | focal | *
Python-oslo.utils | Ubuntu | impish | *
Python-oslo.utils | Ubuntu | trusty | *
Python-oslo.utils | Ubuntu | upstream | *
Python-oslo.utils | Ubuntu | xenial | *

Potential Mitigations

References