Candidate: CVE-2019-3830
PublicDate: 2019-03-26 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3830
 https://rhn.redhat.com/errata/RHSA-2019-0566.html
Description:
 A vulnerability was found in ceilometer before version 12.0.0.0rc1. An
 Information Exposure in ceilometer-agent prints sensitive configuration
 data to log files without DEBUG logging being activated.
Ubuntu-Description:
Notes:
 seth-arnold> Fixed via Only-print-polling.yaml-file-contents-as-DEBUG.patch
  in Bionic, Cosmic; Disco, Xenial and Trusty don't appear to have the code
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_ceilometer:
upstream_ceilometer: needs-triage
precise/esm_ceilometer: DNE
trusty_ceilometer: not-affected
trusty/esm_ceilometer: DNE (trusty was not-affected)
xenial_ceilometer: not-affected
esm-infra/xenial_ceilometer: not-affected
bionic_ceilometer: not-affected
cosmic_ceilometer: not-affected
devel_ceilometer: not-affected