VYPR
Moderate severity · OSV Advisory · Published Mar 26, 2019 · Updated Aug 4, 2024

CVE-2019-3830

Description

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Ceilometer-agent logs sensitive config data without requiring DEBUG mode, resulting in information exposure.

Vulnerability

A vulnerability in ceilometer, affecting versions before 12.0.0.0rc1 and Red Hat OpenStack Platform (RHOS) versions 10.0 (Newton) through 14.0 (Rocky), causes the ceilometer-agent to print sensitive configuration data (e.g., passwords, tokens) to log files even when DEBUG logging is not activated [1][4]. This is an information exposure flaw that triggers regardless of the log level setting [2][3].

Exploitation

An attacker with read access to the ceilometer log files (e.g., via compromised host, log aggregator, or shared storage) can retrieve the exposed sensitive configuration values. No authentication, user interaction, or race condition is required to trigger the log output—the agent writes the data on every start or reload [4].

Impact

Successful exploitation leads to disclosure of sensitive credentials or tokens stored in the ceilometer configuration, potentially allowing lateral movement within the OpenStack environment or unauthorized access to other services [2][4]. The impact is limited to information disclosure; however, leaked credentials could enable further compromise.

Mitigation

The vulnerability is fixed in ceilometer version 12.0.0.0rc1 and later [1]. Red Hat provided updated packages via RHSA-2019:0566 for RHOS 13.0 (Queens), RHSA-2019:0580 for RHOS 14.0 (Rocky), and RHSA-2019:0919 for RHOS 10.0 (Newton) [2][4]. Administrators should apply the appropriate update or restrict access to ceilometer log files as a workaround.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
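As an added example that is not part of this advisory or of the ceilometer project: a defender-side check over constructed ceilometer-agent log lines (assumed to be in oslo.log's default format) that finds the pre-fix "Config file:" dumps described above and reports which credential-like fields each one exposed, plus a redact_secrets helper showing how such a structure can be logged without leaking values. The log format, sample values and the key-name heuristics are assumptions.

```python
import ast
import re

# Constructed sample lines in oslo.log's default format (adjust LOG_LINE for other formats).
SAMPLE_LOG = """\
2019-01-10 12:00:01.123 4321 INFO ceilometer.agent [-] Config file: {'sources': [{'name': 'all', 'interval': 60}]}
2019-01-10 12:00:01.456 4321 INFO ceilometer.agent [-] Config file: {'publishers': ['gnocchi://'], 'transport_url': 'rabbit://guest:s3cret@controller:5672/', 'password': 'hunter2'}
2019-01-10 12:00:03.000 4321 DEBUG ceilometer.agent [-] Config file: {'admin_token': 'abc123'}
"""

# Matches the message emitted by the pre-fix LOG.info("Config file: %s", conf).
LOG_LINE = re.compile(r"^\S+ \S+ \d+ (?P<level>[A-Z]+) \S+ \[-\] Config file: (?P<conf>.*)$")
SENSITIVE_KEY = re.compile(r"password|passwd|secret|token|api_key", re.IGNORECASE)
URL_CRED = re.compile(r"://[^:/@\s]+:[^@\s]+@")  # user:pass@ embedded in a URL

def leaked_fields(value):
    """Return credential-like keys (or URL-embedded credentials) found in a config dump."""
    found = []
    if isinstance(value, dict):
        for k, v in value.items():
            found += [str(k)] if SENSITIVE_KEY.search(str(k)) else leaked_fields(v)
    elif isinstance(value, list):
        for v in value:
            found += leaked_fields(v)
    elif isinstance(value, str) and URL_CRED.search(value):
        found.append("url-embedded credential")
    return found

def find_config_dumps(log_text):
    """Return (line_no, level, leaked) for every 'Config file:' dump in the log text."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_LINE.match(line)
        if m:  # %s formatting of a dict yields its repr, which literal_eval parses back
            conf = ast.literal_eval(m.group("conf"))
            findings.append((n, m.group("level"), leaked_fields(conf)))
    return findings

def redact_secrets(value):
    """Copy of a config structure that is safe to log: secret keys masked, URL creds stripped."""
    if isinstance(value, dict):
        return {k: "***" if SENSITIVE_KEY.search(str(k)) else redact_secrets(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact_secrets(v) for v in value]
    if isinstance(value, str):
        return URL_CRED.sub("://***:***@", value)
    return value
```

Running find_config_dumps over archived agent logs from before the update tells you which credentials should be rotated, since an INFO-level dump means the values were written regardless of the DEBUG setting.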

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: ceilometer (PyPI)
Affected versions: < 12.0.0.0rc1
Patched versions: 12.0.0.0rc1

Patches

8881a42af169

Only print polling.yaml file contents as DEBUG

https://github.com/openstack/ceilometer · Edward Hope-Morley · Jan 10, 2019 · via ghsa
1 file changed · +1 −1
  • ceilometer/agent.py (+1 −1, modified)
    @@ -61,7 +61,7 @@ def load_config(self, cfg_file):
                         __name__, 'pipeline/data/' + cfg_file)
             with open(cfg_loc) as fap:
                 conf = yaml.safe_load(fap)
    -        LOG.info("Config file: %s", conf)
    +        LOG.debug("Config file: %s", conf)
             return conf
     
     
    
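Review bot: Lowering the level from LOG.info to LOG.debug removes the dump from the default log level, but the full parsed structure (`conf`) is still written whenever DEBUG logging is enabled, so a credential inside the loaded file would still reach the log on any debug-enabled node. Consider logging only the path that was opened (`cfg_loc` is already in scope in this hunk) or a redacted copy of `conf` rather than the raw structure. Note also that `load_config` serves whatever `cfg_file` is passed to it under `pipeline/data/`, not only polling.yaml as the commit title suggests, so the same concern applies to every file loaded through this path.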
