Sensitive Information Exposure in Openstack-Octavia Log Files

Sensitive Information Exposure in Openstack-Octavia Log Files

CVE-2018-16856 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.

Learn more about our User Device Pen Test.