CVE-2019-14433
Publication date 6 August 2019
Last updated 25 August 2025
Ubuntu priority
Description
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| nova | ||
| 18.04 LTS bionic |
Fixed 2:17.0.10-0ubuntu2.1
|
|
| 16.04 LTS xenial |
Fixed 2:13.1.4-0ubuntu4.5
|
|
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.5 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-4104-1
- Nova vulnerability
- 19 August 2019