| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Nova | pip | < 18.2.4 | 18.2.4 |
| Nova | pip | >= 19.0.0, < 19.1.0 | 19.1.0 |
| Nova | pip | >= 20.0.0, < 20.1.0 | 20.1.0 |

The vulnerability stems from unredacted logging of consoleauth tokens. Commit diffs (e.g., openstack/nova@08f1f91) show that the affected functions originally logged sensitive token data. In websocketproxy.py, new_websocket_client logged the full 'connect_info' dictionary, which contains the token. In consoleauth/manager.py, both authorize_console and check_token included the raw token in INFO-level log statements. The patches explicitly redact the token in these locations, confirming their role in the exposure.
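
The logging pattern described above, shown next to a redacting log filter, as an added example (it is not Nova's code and not the upstream patch). The names `redact`, `TokenRedactingFilter` and `emit`, the log messages, and the token value are all constructed for illustration.

```python
import io
import logging

REDACTED = "***"
SAMPLE_TOKEN = "constructed-token-0f3a9c"  # constructed sample, not a real token


def redact(value):
    """Return a copy of value with every 'token' entry masked, recursing into dicts."""
    if isinstance(value, dict):
        return {k: (REDACTED if k == "token" else redact(v)) for k, v in value.items()}
    return value


class TokenRedactingFilter(logging.Filter):
    """Mask tokens held in log arguments before the record is formatted."""

    def filter(self, record):
        # logging unwraps a lone dict argument, so args is either a dict or a tuple
        if isinstance(record.args, dict):
            record.args = redact(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(redact(a) for a in record.args)
        return True


def emit(redacting):
    """Log three constructed INFO messages and return the text the handler wrote."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    if redacting:
        handler.addFilter(TokenRedactingFilter())
    logger = logging.getLogger("example.console.%s" % redacting)
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers = [handler]
    connect_info = {"token": SAMPLE_TOKEN, "host": "192.0.2.10", "port": 5900}
    # Whole dictionary as the only argument (the websocket proxy pattern)
    logger.info("connect info: %s", connect_info)
    # Raw token as a named argument (the manager pattern)
    logger.info("Checking Token: %(token)s, %(valid)s", {"token": SAMPLE_TOKEN, "valid": True})
    # Dictionary as one of several positional arguments
    logger.info("console %s authorized with %s", "novnc", connect_info)
    return stream.getvalue()


if __name__ == "__main__":
    print(emit(False))  # token visible in every line
    print(emit(True))   # token masked, host and port kept
```

The filter only sees values passed as log arguments; a token already interpolated into the message string before the logging call reaches it unmasked, so redacting at the call site remains the primary fix.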