CVE-2019-3830

Name: CVE-2019-3830
Description: A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 925298

Vulnerable and fixed packages

The table below lists information on source packages.

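| Source Package | Release | Version | Status |
|---|---|---|---|
| ceilometer (PTS) | jessie | 2014.1.3-6 | fixed |
| ceilometer (PTS) | stretch | 1:7.0.1-5 | fixed |
| ceilometer (PTS) | buster | 1:11.0.1-5 | fixed |
| ceilometer (PTS) | bullseye | 1:15.0.0-3 | fixed |
| ceilometer (PTS) | bookworm | 1:19.0.0-3 | fixed |
| ceilometer (PTS) | sid, trixie | 1:22.0.0-1 | fixed |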

The information below is based on the following data on fixed versions.

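| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ceilometer | source | jessie | (not affected) | | | |
| ceilometer | source | stretch | (not affected) | | | |
| ceilometer | source | (unstable) | 1:11.0.1-5 | | | 925298 |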

Notes

[stretch] - ceilometer <not-affected> (Vulnerable code not present)
[jessie] - ceilometer <not-affected> (vulnerable code is not present)
https://bugs.launchpad.net/ceilometer/+bug/1811098/
Introduced in https://github.com/openstack/ceilometer/commit/50415c0d08a3199d2280f3638dd121779585f0fe (10.0.0.0)
Fixed in https://github.com/openstack/ceilometer/commit/8881a42af169a2d7c912b1434911f978883c83f3
