Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-0718

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.

Published

2022-08-29T15:15:09.807

Last Modified

2024-11-21T06:39:15.197

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-522
Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openstack	oslo.utils	< 4.10.1	Yes
Application	openstack	oslo.utils	4.12.0	Yes
Application	redhat	openshift_container_platform	4.0	Yes
Application	redhat	openstack_platform	16.1	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	debian	debian_linux	11.0	Yes

References

https://access.redhat.com/security/cve/CVE-2022-0718 Third Party Advisory ([email protected])
https://bugs.launchpad.net/oslo.utils/+bug/1949623 Exploit, Issue Tracking, Patch, Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2056850 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html Mailing List, Third Party Advisory ([email protected])
https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa Patch, Vendor Advisory ([email protected])
https://security-tracker.debian.org/tracker/CVE-2022-0718 Patch, Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2022-0718 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/oslo.utils/+bug/1949623 Exploit, Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2056850 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security-tracker.debian.org/tracker/CVE-2022-0718 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)