CVE-2022-0718

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.

Published: Aug 29, 2022
Updated: May 9, 2024
CVE: CVE-2022-0718
GHSA: GHSA-wmqq-r32m-87c5
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-522
CWE-532

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
openstack / oslo.utils	-	4.10.1
openstack / oslo.utils	4.12.0	4.12.0.x
redhat / openshift_container_platform	4.0	4.0.x
redhat / openstack_platform	16.1	16.1.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x
oslo-utils	-	4.10.1

https://access.redhat.com/errata/RHSA-2022:0993
https://access.redhat.com/errata/RHSA-2022:8873
https://access.redhat.com/security/cve/CVE-2022-0718
https://bugs.launchpad.net/oslo.utils/+bug/1949623
https://bugzilla.redhat.com/show_bug.cgi?id=2056850
https://github.com/pypa/advisory-database/tree/main/vulns/oslo-utils/PYSEC-2022-258.yaml
https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html
https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa
https://security-tracker.debian.org/tracker/CVE-2022-0718

Vulnerability Database

289,599

CVE-2022-0718