Miggo Logo
Miggo Vulnerability Database
CVE-2011-4076

CVE-2011-4076: OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor

5.9

CVSS Score
3.1

Basic Information

CVE ID
CVE-2011-4076
GHSA ID
GHSA-vcmv-6rxx-fh7r
EPSS Score
0.60422%
CWE
CWE-200
Published
4/22/2022
Updated
5/8/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
novapip< 12.0.0a012.0.0a0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from improper error handling that revealed sensitive credentials. The commits b1ab6da and beee11e modified these repr methods to exclude sensitive fields, confirming their role in the exposure. The original implementations returned full user/project details (including secrets) during authentication failures, which aligned with the CVE's description of EC2_SECRET_KEY leakage via error messages.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Op*nSt**k Nov* ***or* ****.* *llows som*on* wit* ****ss to *n ***_****SS_K*Y (*quiv*l*nt to * us*rn*m*) to o*t*in t** ***_S**R*T_K*Y (*quiv*l*nt to * p*sswor*). *xposin* t** ***_****SS_K*Y vi* *ttp or tools t**t *llow m*n-in-t**-mi**l* ov*r *ttps *ou

Reasoning

T** vuln*r**ility st*mm** *rom improp*r *rror **n*lin* t**t r*v**l** s*nsitiv* *r***nti*ls. T** *ommits ******* *n* ******* mo*i*i** t**s* __r*pr__ m*t*o*s to *x*lu** s*nsitiv* *i*l*s, *on*irmin* t**ir rol* in t** *xposur*. T** ori*in*l impl*m*nt*tio