{"containers": {"cna": {"affected": [{"product": "openstack-octavia", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "2.0.2-5"}, {"status": "affected", "version": "openstack-octavia-3.0.1-0.20181009115732"}]}], "descriptions": [{"lang": "en", "value": "In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-03-26T17:45:29", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16856", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "openstack-octavia", "version": {"version_data": [{"version_value": "2.0.2-5"}, {"version_value": "openstack-octavia-3.0.1-0.20181009115732"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure."}]}, "impact": {"cvss": [[{"vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:32:54.143Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16856", "datePublished": "2019-03-26T17:45:29", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2024-08-05T10:32:54.143Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:octavia:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F18AB12-4884-4669-9046-39464A7AAC16", "versionEndExcluding": "2.0.2-5", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:octavia:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8D54E3C-4629-4B5A-B361-41EE65E19CB5", "versionEndExcluding": "3.0.1-0.20181009115732", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "matchCriteriaId": "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*", "matchCriteriaId": "EB7F358B-5E56-41AB-BB8A-23D3CB7A248B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure."}, {"lang": "es", "value": "En una instalaci\u00f3n de Red Hat Openstack Platform Director por defecto, openstack-octavia en versiones anteriores a la 2.0.2-5 y openstack-octavia-3.0.1-0.20181009115732 crean archivos de registro que pueden ser le\u00eddos por todos los usuarios. La informaci\u00f3n sensible, como las claves privadas, puede aparecer en estos archivos, lo que permite la exposici\u00f3n de informaci\u00f3n."}], "id": "CVE-2018-16856", "lastModified": "2021-08-04T17:15:13.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2019-03-26T18:29:00.357", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16856"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Garth Mollett (Red Hat).", "affected_release": [{"advisory": "RHSA-2019:0567", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "openstack-octavia-0:2.0.3-2.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2019-03-14T00:00:00Z"}, {"advisory": "RHSA-2019:0593", "cpe": "cpe:/a:redhat:openstack:14::el7", "package": "openstack-octavia-0:3.0.2-0.20181219195054.ec4c88e.el7ost", "product_name": "Red Hat OpenStack Platform 14.0 (Rocky)", "release_date": "2019-03-18T00:00:00Z"}], "bugzilla": {"description": "openstack-octavia: Private keys written to world-readable log files", "id": "1649165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649165"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-532", "details": ["In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.", "In a default Red Hat Openstack Platform Director installation, openstack-octavia creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure."], "name": "CVE-2018-16856", "package_state": [{"cpe": "cpe:/a:redhat:openstack:12", "fix_state": "Will not fix", "package_name": "openstack-octavia", "product_name": "Red Hat OpenStack Platform 12 (Pike)"}], "public_date": "2018-09-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-16856\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16856"], "threat_severity": "Moderate", "upstream_fix": "openstack-octavia-3.0.1 0.20181009115732, openstack-octavia 2.0.2-5"}