A vulnerability was found in Nova Compute resource fault handling. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response and could include sensitive configuration or other data.
Upstream bug: https://bugs.launchpad.net/nova/+bug/1837877
Acknowledgments: Name: The OpenStack project
External References: https://security.openstack.org/ossa/OSSA-2019-003.html
Created openstack-nova tracking bugs for this issue: Affects: openstack-rdo [bug 1738351]
Statement: Red Hat OpenStack Platform 9 will be retired shortly after the flaw's public date; based on the severity of this vulnerability, it was determined that this fix would not be back ported.
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2019:2631 https://access.redhat.com/errata/RHSA-2019:2631
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2019:2622 https://access.redhat.com/errata/RHSA-2019:2622
This issue has been addressed in the following products: Red Hat OpenStack Platform 14.0 (Rocky) Via RHSA-2019:2652 https://access.redhat.com/errata/RHSA-2019:2652
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14433