Medium severity5.9NVD Advisory· Published May 8, 2018· Updated Jun 17, 2026
CVE-2017-2592
CVE-2017-2592
Description
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
oslo.middlewarePyPI | >= 3.9.0, < 3.19.1 | 3.19.1 |
oslo.middlewarePyPI | < 3.8.1 | 3.8.1 |
oslo.middlewarePyPI | >= 3.20.0, < 3.23.1 | 3.23.1 |
oslo-middlewarePyPI | >= 3.9.0, < 3.19.1 | 3.19.1 |
oslo-middlewarePyPI | < 3.8.1 | 3.8.1 |
oslo-middlewarePyPI | >= 3.20.0, < 3.23.1 | 3.23.1 |
Affected products
16- ghsa-coords15 versionspkg:pypi/oslo-middlewarepkg:pypi/oslo.middlewarepkg:rpm/suse/python-oslo.cache&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-oslo.concurrency&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-oslo.db&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-oslo.log&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-oslo.messaging&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-oslo.middleware&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/python-oslo.middleware&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-oslo.serialization&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-oslo.service&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-oslotest&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-oslo.utils&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-oslo.versionedobjects&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-oslo.vmware&distro=SUSE%20OpenStack%20Cloud%207
>= 3.9.0, < 3.19.1+ 14 more
- (no CPE)range: >= 3.9.0, < 3.19.1
- (no CPE)range: >= 3.9.0, < 3.19.1
- (no CPE)range: < 1.14.1-3.3.3
- (no CPE)range: < 3.14.1-3.3.3
- (no CPE)range: < 4.13.6-3.3.3
- (no CPE)range: < 3.16.1-3.3.3
- (no CPE)range: < 5.10.2-3.6.3
- (no CPE)range: < 2.8.0-3.1
- (no CPE)range: < 3.19.0-3.1
- (no CPE)range: < 2.13.2-3.3.3
- (no CPE)range: < 1.16.1-3.3.1
- (no CPE)range: < 2.10.1-3.3.1
- (no CPE)range: < 3.16.1-3.3.3
- (no CPE)range: < 1.17.1-3.3.1
- (no CPE)range: < 2.14.1-3.3.1
- unspecified/python-oslo-middlewarev5Range: python-oslo-middleware 3.8.1
Patches
Vulnerability mechanics
References
19- lists.openstack.org/pipermail/openstack-announce/2017-January/002002.htmlnvdPatchVendor AdvisoryWEB
- bugs.launchpad.net/keystonemiddleware/+bug/1628031nvdIssue TrackingPatchThird Party AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party AdvisoryWEB
- review.openstack.orgnvdIssue TrackingPatchVendor Advisory
- review.openstack.orgnvdIssue TrackingPatchVendor Advisory
- review.openstack.orgnvdIssue TrackingPatchVendor Advisory
- rhn.redhat.com/errata/RHSA-2017-0300.htmlnvdThird Party AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2017-0435.htmlnvdThird Party AdvisoryWEB
- www.securityfocus.com/bid/95827nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2017:0300nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2017:0435nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-xcp8-hh74-f6mcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-2592ghsaADVISORY
- usn.ubuntu.com/3666-1/nvdThird Party Advisory
- github.com/pypa/advisory-database/tree/main/vulns/oslo-middleware/PYSEC-2018-104.yamlghsaWEB
- review.openstack.orgghsaWEB
- review.openstack.orgghsaWEB
- review.openstack.orgghsaWEB
- usn.ubuntu.com/3666-1ghsaWEB
News mentions
0No linked articles in our index yet.