CVE-2011-4076: OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor
CVSS Score: 5.9 (CVSS 3.1)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.60422%
CWE
Published: 4/22/2022
Updated: 5/8/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
nova | pip | < 12.0.0a0 | 12.0.0a0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from improper error handling that revealed sensitive credentials. The original repr implementations returned full user/project details (including secrets) during authentication failures, which aligns with the CVE's description of EC2_SECRET_KEY leakage via error messages. The commits b1ab6da and beee11e modified these repr methods to exclude sensitive fields, confirming their role in the exposure.
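The failure mode described above, shown as an added example that is not Nova's code: a repr that includes a secret field reaches the client through an authentication error message, next to a repr that omits it and a regression check for the leak. The class names, field names, message format and sample values are hypothetical and constructed for illustration.

```python
import hmac


class LeakyUser:
    """'Before' shape (hypothetical): repr dumps every field, secret included."""

    def __init__(self, id, name, access, secret):
        self.id, self.name, self.access, self.secret = id, name, access, secret

    def __repr__(self):
        return "User(%r, %r, %r, %r)" % (self.id, self.name, self.access, self.secret)


class SafeUser(LeakyUser):
    """'After' shape (hypothetical): repr keeps identifying fields only."""

    def __repr__(self):
        return "User(id=%r, name=%r)" % (self.id, self.name)


class AuthFailure(Exception):
    pass


def authenticate(user, presented_signature, expected_signature):
    # On mismatch the user object is formatted into the error text;
    # this is the point where repr output reaches the requester.
    if not hmac.compare_digest(presented_signature, expected_signature):
        raise AuthFailure("Signature mismatch for %r" % (user,))
    return True


def error_text(user):
    """Return the message a client would see after a failed request."""
    try:
        authenticate(user, "bad-signature", "good-signature")
    except AuthFailure as exc:
        return str(exc)


def leaks_secret(user):
    """Regression check: does the failure message contain the secret?"""
    return user.secret in error_text(user)


if __name__ == "__main__":
    args = ("u1", "alice", "CONSTRUCTED-ACCESS", "CONSTRUCTED-SECRET")  # constructed values
    print(leaks_secret(LeakyUser(*args)), leaks_secret(SafeUser(*args)))
```

A check like `leaks_secret` belongs in the test suite for any object that can be interpolated into an error or log message, so a later repr change that reintroduces the field fails the build.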