Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/openstack-cinder@2014.1.3-1?arch=el6ost

Type rpm

Namespace redhat

Name openstack-cinder

Version 2014.1.3-1

Qualifiers

arch	el6ost

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-8p6b-qw5m-jfha

vulnerability_id

VCID-8p6b-qw5m-jfha

summary

OpenStack Oslo utility sensitive information exposure via log files
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1939.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1939.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7231.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7231.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7231

reference_id

reference_type

scores

value	0.00157
scoring_system	epss
scoring_elements	0.36188
published_at	2026-04-26T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36528
published_at	2026-04-09T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36535
published_at	2026-04-11T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.365
published_at	2026-04-12T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36477
published_at	2026-04-13T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.3652
published_at	2026-04-16T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36502
published_at	2026-04-18T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36446
published_at	2026-04-21T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36218
published_at	2026-04-24T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36417
published_at	2026-04-01T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36588
published_at	2026-04-02T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36621
published_at	2026-04-04T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36457
published_at	2026-04-07T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36509
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7231

reference_url

https://bugs.launchpad.net/oslo.utils/+bug/1345233

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/oslo.utils/+bug/1345233

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7231

reference_url

http://seclists.org/oss-sec/2014/q3/853

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2014/q3/853

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/96726

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/96726

reference_url

https://github.com/openstack/oslo.utils

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/oslo.utils

reference_url

http://www.securityfocus.com/bid/70184

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/70184

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1147722
reference_id	1147722
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1147722

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder::::::::
reference_id	cpe:2.3:a:openstack:cinder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova::::::::
reference_id	cpe:2.3:a:openstack:nova::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove::::::::
reference_id	cpe:2.3:a:openstack:trove::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:::::::*
reference_id	cpe:2.3:a:redhat:openstack:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7231

reference_id

CVE-2014-7231

reference_type

scores

value	2.1
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7231

reference_url

https://github.com/advisories/GHSA-v933-vx5p-j7w2

reference_id

GHSA-v933-vx5p-j7w2

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v933-vx5p-j7w2

reference_url	https://access.redhat.com/errata/RHSA-2014:1939
reference_id	RHSA-2014:1939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1939

fixed_packages

aliases

CVE-2014-7231, GHSA-v933-vx5p-j7w2

risk_score

1.4

exploitability

0.5

weighted_severity

2.7

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-8p6b-qw5m-jfha

url

VCID-ea21-seng-n3fw

vulnerability_id

VCID-ea21-seng-n3fw

summary

OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability
The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1787.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1787.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1788.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1788.html

reference_url

https://access.redhat.com/errata/RHSA-2014:1787

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1787

reference_url

https://access.redhat.com/errata/RHSA-2014:1788

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1788

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3641.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3641.json

reference_url

https://access.redhat.com/security/cve/CVE-2014-3641

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2014-3641

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3641

reference_id

reference_type

scores

value	0.00329
scoring_system	epss
scoring_elements	0.55803
published_at	2026-04-24T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55822
published_at	2026-04-26T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55898
published_at	2026-04-16T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55877
published_at	2026-04-21T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55902
published_at	2026-04-18T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56011
published_at	2026-04-02T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.55899
published_at	2026-04-01T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56032
published_at	2026-04-04T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.5601
published_at	2026-04-07T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56061
published_at	2026-04-08T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56065
published_at	2026-04-09T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56076
published_at	2026-04-11T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56056
published_at	2026-04-12T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56039
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3641

reference_url

https://bugs.launchpad.net/cinder/+bug/1350504

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/cinder/+bug/1350504

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1141996

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1141996

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3641

reference_url

http://seclists.org/oss-sec/2014/q4/78

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2014/q4/78

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3641

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3641

reference_url

https://opendev.org/openstack/cinder

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/cinder

reference_url

https://web.archive.org/web/20200228053848/http://www.securityfocus.com/bid/70221

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228053848/http://www.securityfocus.com/bid/70221

reference_url	http://www.securityfocus.com/bid/70221
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/70221

reference_url

http://www.ubuntu.com/usn/USN-2405-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2405-1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder::::::::
reference_id	cpe:2.3:a:openstack:cinder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder:2014.1.1:::::::*
reference_id	cpe:2.3:a:openstack:cinder:2014.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder:2014.1.1:::::::*

reference_url

https://github.com/advisories/GHSA-qhch-g8qr-p497

reference_id

GHSA-qhch-g8qr-p497

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qhch-g8qr-p497

reference_url	https://usn.ubuntu.com/2405-1/
reference_id	USN-2405-1
reference_type
scores
url	https://usn.ubuntu.com/2405-1/

fixed_packages

aliases

CVE-2014-3641, GHSA-qhch-g8qr-p497

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ea21-seng-n3fw

url

VCID-ykzj-fz7y-eug8

vulnerability_id

VCID-ykzj-fz7y-eug8

summary

Trove: potential leak of passwords into log files

references

reference_url	http://rhn.redhat.com/errata/RHSA-2014-1939.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2014-1939.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7230.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7230.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7230

reference_id

reference_type

scores

value	0.00123
scoring_system	epss
scoring_elements	0.31065
published_at	2026-04-26T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31368
published_at	2026-04-01T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31506
published_at	2026-04-02T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31547
published_at	2026-04-04T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31365
published_at	2026-04-07T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31419
published_at	2026-04-08T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31449
published_at	2026-04-09T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31452
published_at	2026-04-11T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31409
published_at	2026-04-12T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31373
published_at	2026-04-13T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31407
published_at	2026-04-16T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31387
published_at	2026-04-18T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31358
published_at	2026-04-21T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31188
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7230

reference_url	https://bugs.launchpad.net/oslo-incubator/+bug/1343604
reference_id
reference_type
scores
url	https://bugs.launchpad.net/oslo-incubator/+bug/1343604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230

reference_url	http://seclists.org/oss-sec/2014/q3/853
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2014/q3/853

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/96725
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/96725

reference_url	http://www.securityfocus.com/bid/70185
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/70185

reference_url	http://www.ubuntu.com/usn/USN-2405-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2405-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1147722
reference_id	1147722
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1147722

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704
reference_id	765704
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714
reference_id	765714
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder::::::::
reference_id	cpe:2.3:a:openstack:cinder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova::::::::
reference_id	cpe:2.3:a:openstack:nova::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove::::::::
reference_id	cpe:2.3:a:openstack:trove::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:::::::*
reference_id	cpe:2.3:a:redhat:openstack:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7230

reference_id

CVE-2014-7230

reference_type

scores

value	2.1
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7230

reference_url	https://access.redhat.com/errata/RHSA-2014:1939
reference_id	RHSA-2014:1939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1939

reference_url	https://usn.ubuntu.com/2405-1/
reference_id	USN-2405-1
reference_type
scores
url	https://usn.ubuntu.com/2405-1/

reference_url	https://usn.ubuntu.com/2407-1/
reference_id	USN-2407-1
reference_type
scores
url	https://usn.ubuntu.com/2407-1/

fixed_packages

aliases

CVE-2014-7230

risk_score

0.9

exploitability

0.5

weighted_severity

1.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ykzj-fz7y-eug8

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-cinder@2014.1.3-1%3Farch=el6ost

Package Instance