Critical severity9.8NVD Advisory· Published Mar 21, 2017· Updated May 13, 2026
CVE-2017-7214
CVE-2017-7214
Description
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
novaPyPI | >= 13.0.0, < 13.1.4 | 13.1.4 |
novaPyPI | >= 14.0.0, < 14.0.5 | 14.0.5 |
novaPyPI | >= 15.0.1, < 15.0.2 | 15.0.2 |
Affected products
12cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
Patches
43f985f1eda6fAdd release note for CVE-2017-7214
1 file changed · +8 −0
releasenotes/notes/bug-1673569-cve-2017-7214-2d7644b356015c93.yaml+8 −0 added@@ -0,0 +1,8 @@ +--- +prelude: > + This release includes fixes for security vulnerabilities. +security: + - | + [CVE-2017-7214] Failed notification payload is dumped in logs with auth secrets + + * `Bug 1673569 <https://bugs.launchpad.net/nova/+bug/1673569>`_
c2c91ce44592Add release note for CVE-2017-7214
1 file changed · +8 −0
releasenotes/notes/bug-1673569-cve-2017-7214-2d7644b356015c93.yaml+8 −0 added@@ -0,0 +1,8 @@ +--- +prelude: > + This release includes fixes for security vulnerabilities. +security: + - | + [CVE-2017-7214] Failed notification payload is dumped in logs with auth secrets + + * `Bug 1673569 <https://bugs.launchpad.net/nova/+bug/1673569>`_
e193201fa1deAdd release note for CVE-2017-7214
1 file changed · +8 −0
releasenotes/notes/bug-1673569-cve-2017-7214-2d7644b356015c93.yaml+8 −0 added@@ -0,0 +1,8 @@ +--- +prelude: > + This release includes fixes for security vulnerabilities. +security: + - | + [CVE-2017-7214] Failed notification payload is dumped in logs with auth secrets + + * `Bug 1673569 <https://bugs.launchpad.net/nova/+bug/1673569>`_
acb19160d4d3Add release note for CVE-2017-7214
1 file changed · +8 −0
releasenotes/notes/bug-1673569-cve-2017-7214-2d7644b356015c93.yaml+8 −0 added@@ -0,0 +1,8 @@ +--- +prelude: > + This release includes fixes for security vulnerabilities. +security: + - | + [CVE-2017-7214] Failed notification payload is dumped in logs with auth secrets + + * `Bug 1673569 <https://bugs.launchpad.net/nova/+bug/1673569>`_
Vulnerability mechanics
Synthesis attempt was rejected by the grounding validator. Re-run pending.
References
10- launchpad.net/bugs/1673569nvdPatchThird Party AdvisoryWEB
- www.securityfocus.com/bid/96998nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-f4g4-cj8f-3cr9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-7214ghsaADVISORY
- access.redhat.com/errata/RHSA-2017:1508nvdWEB
- access.redhat.com/errata/RHSA-2017:1595nvdWEB
- github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486aghsaWEB
- github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1cghsaWEB
- github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0aghsaWEB
- github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598ghsaWEB
News mentions
0No linked articles in our index yet.