Low severityNVD Advisory· Published Oct 8, 2014· Updated May 6, 2026

CVE-2014-7231

Description

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
oslo.utilsPyPI	< 0.2.0	0.2.0

Affected products

OpenStack/Cinder
cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*
Range: >=2013.2,<2013.2.4
OpenStack/Nova
cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
Range: >=2013.2,<2013.2.4
OpenStack/Trove
cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*
Range: >=2013.2,<2013.2.4
Red Hat/Openstack
cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.launchpad.net/oslo.utils/+bug/1345233nvdExploitThird Party AdvisoryWEB
rhn.redhat.com/errata/RHSA-2014-1939.htmlnvdThird Party AdvisoryWEB
seclists.org/oss-sec/2014/q3/853nvdMailing ListThird Party AdvisoryWEB
www.securityfocus.com/bid/70184nvdThird Party AdvisoryVDB EntryWEB
exchange.xforce.ibmcloud.com/vulnerabilities/96726nvdThird Party AdvisoryVDB EntryWEB
github.com/advisories/GHSA-v933-vx5p-j7w2ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2014-7231ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000