CVE-2018-16856 - OpenCVE

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Openstack
Openstack	Octavia

Configuration 1 [-]

OR	cpe:2.3:a:openstack:octavia::::::::
	cpe:2.3:a:openstack:octavia::::::::

Configuration 2 [-]

OR	cpe:2.3:a:redhat:openstack:12:::::::*
	cpe:2.3:a:redhat:openstack:13:::::::*
	cpe:2.3:a:redhat:openstack:14:::::::*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856	Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2019-03-26T17:45:29

Updated: 2019-03-26T17:45:29

Reserved: 2018-09-11T00:00:00

Link: CVE-2018-16856

JSON object: View

NVD Information

Status : Modified

Published: 2019-03-26T18:29:00.357

Modified: 2021-08-04T17:15:13.067

Link: CVE-2018-16856

JSON object: View

Redhat Information

No data.

CWE

CWE-532

{"containers": {"cna": {"affected": [{"product": "openstack-octavia", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "2.0.2-5"}, {"status": "affected", "version": "openstack-octavia-3.0.1-0.20181009115732"}]}], "descriptions": [{"lang": "en", "value": "In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-03-26T17:45:29", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16856", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "openstack-octavia", "version": {"version_data": [{"version_value": "2.0.2-5"}, {"version_value": "openstack-octavia-3.0.1-0.20181009115732"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure."}]}, "impact": {"cvss": [[{"vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16856", "datePublished": "2019-03-26T17:45:29", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2019-03-26T17:45:29", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:octavia:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F18AB12-4884-4669-9046-39464A7AAC16", "versionEndExcluding": "2.0.2-5", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:octavia:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8D54E3C-4629-4B5A-B361-41EE65E19CB5", "versionEndExcluding": "3.0.1-0.20181009115732", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "matchCriteriaId": "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*", "matchCriteriaId": "EB7F358B-5E56-41AB-BB8A-23D3CB7A248B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure."}, {"lang": "es", "value": "En una instalaci\u00f3n de Red Hat Openstack Platform Director por defecto, openstack-octavia en versiones anteriores a la 2.0.2-5 y openstack-octavia-3.0.1-0.20181009115732 crean archivos de registro que pueden ser le\u00eddos por todos los usuarios. La informaci\u00f3n sensible, como las claves privadas, puede aparecer en estos archivos, lo que permite la exposici\u00f3n de informaci\u00f3n."}], "id": "CVE-2018-16856", "lastModified": "2021-08-04T17:15:13.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2019-03-26T18:29:00.357", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "secalert@redhat.com", "type": "Secondary"}]}