Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ykzj-fz7y-eug8

Summary Trove: potential leak of passwords into log files

Aliases

alias	CVE-2014-7230

Fixed_packages

url	pkg:deb/debian/cinder@2014.1.3-4?distro=trixie
purl	pkg:deb/debian/cinder@2014.1.3-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2014.1.3-4%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/nova@2014.1.3-5?distro=trixie
purl	pkg:deb/debian/nova@2014.1.3-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-5%3Fdistro=trixie

url pkg:deb/debian/nova@2014.1.3-11

purl pkg:deb/debian/nova@2014.1.3-11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fb2-ccby-7yfq

vulnerability	VCID-1qbm-qguj-gkem

vulnerability	VCID-2dpk-ncrc-1fcw

vulnerability	VCID-5nfz-1bk3-93fe

vulnerability	VCID-6n3z-x4zj-4bez

vulnerability	VCID-7yp4-ebnm-g3c3

vulnerability	VCID-9se5-m6dx-8kcj

vulnerability	VCID-br4q-499g-vqhg

vulnerability	VCID-cwub-w9dp-wfgy

vulnerability	VCID-cy7p-gzf8-eqcj

vulnerability	VCID-ek6e-977t-3bew

vulnerability	VCID-h6rd-5p7q-s3gq

vulnerability	VCID-jdb7-71q5-pfcx

vulnerability	VCID-k48d-ecqx-m3ed

vulnerability	VCID-nb1y-cbzs-abhc

vulnerability	VCID-qfdm-g857-3yb5

vulnerability	VCID-s69v-tc7x-37fe

vulnerability	VCID-zy9m-d25c-5uga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11

url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hd9e-1msb-uqa6

vulnerability	VCID-m5vc-4my3-87gk

vulnerability	VCID-zwuz-pgjz-rkb9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl	pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie

url	pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie

url	pkg:deb/debian/openstack-trove@2014.1.3-1?distro=trixie
purl	pkg:deb/debian/openstack-trove@2014.1.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openstack-trove@2014.1.3-1%3Fdistro=trixie

url	pkg:deb/debian/openstack-trove@1:18.0.0-2?distro=trixie
purl	pkg:deb/debian/openstack-trove@1:18.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openstack-trove@1:18.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/openstack-trove@1:23.0.0-2?distro=trixie
purl	pkg:deb/debian/openstack-trove@1:23.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openstack-trove@1:23.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/openstack-trove@1:25.0.0~rc1-3?distro=trixie
purl	pkg:deb/debian/openstack-trove@1:25.0.0~rc1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openstack-trove@1:25.0.0~rc1-3%3Fdistro=trixie

url	pkg:deb/debian/openstack-trove@1:25.0.0-1?distro=trixie
purl	pkg:deb/debian/openstack-trove@1:25.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openstack-trove@1:25.0.0-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/nova@2012.1.1-18

purl pkg:deb/debian/nova@2012.1.1-18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fb2-ccby-7yfq

vulnerability	VCID-1p1c-fevy-bydg

vulnerability	VCID-1qbm-qguj-gkem

vulnerability	VCID-2dpk-ncrc-1fcw

vulnerability	VCID-5nfz-1bk3-93fe

vulnerability	VCID-5w9q-vw2n-zfdu

vulnerability	VCID-6n3z-x4zj-4bez

vulnerability	VCID-7wvt-bvww-g7ck

vulnerability	VCID-7yp4-ebnm-g3c3

vulnerability	VCID-9se5-m6dx-8kcj

vulnerability	VCID-az4e-wgmd-gyc3

vulnerability	VCID-bauj-n7jg-gkd2

vulnerability	VCID-br4q-499g-vqhg

vulnerability	VCID-cwub-w9dp-wfgy

vulnerability	VCID-cy7p-gzf8-eqcj

vulnerability	VCID-ek6e-977t-3bew

vulnerability	VCID-ex1j-py3q-93hv

vulnerability	VCID-h6rd-5p7q-s3gq

vulnerability	VCID-hcsa-vfvp-buax

vulnerability	VCID-hgk8-jtvw-9fgb

vulnerability	VCID-jdb7-71q5-pfcx

vulnerability	VCID-jdn1-d4d3-sud7

vulnerability	VCID-k48d-ecqx-m3ed

vulnerability	VCID-kncr-vrmh-fygm

vulnerability	VCID-kqbu-drg3-fycm

vulnerability	VCID-n6d6-1kyd-qufe

vulnerability	VCID-nb1y-cbzs-abhc

vulnerability	VCID-q246-vzd6-3qfb

vulnerability	VCID-qb9p-rpza-5fa5

vulnerability	VCID-qe1w-wnfu-mudr

vulnerability	VCID-qfdm-g857-3yb5

vulnerability	VCID-qnhs-qv3p-myg2

vulnerability	VCID-r558-z5xb-v3a8

vulnerability	VCID-rvp9-etcr-wycj

vulnerability	VCID-s69v-tc7x-37fe

vulnerability	VCID-sj2k-uq1g-suby

vulnerability	VCID-t2sh-b3m5-vyax

vulnerability	VCID-v47b-k4qx-h7a2

vulnerability	VCID-vena-h39k-v3fe

vulnerability	VCID-x5k4-dm9d-xkf7

vulnerability	VCID-y8va-eyt2-3kfv

vulnerability	VCID-ykzj-fz7y-eug8

vulnerability	VCID-zy9m-d25c-5uga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-18

url pkg:rpm/redhat/openstack-cinder@2014.1.3-1?arch=el7ost

purl pkg:rpm/redhat/openstack-cinder@2014.1.3-1?arch=el7ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8p6b-qw5m-jfha

vulnerability	VCID-ea21-seng-n3fw

vulnerability	VCID-ykzj-fz7y-eug8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-cinder@2014.1.3-1%3Farch=el7ost

url pkg:rpm/redhat/openstack-cinder@2014.1.3-1?arch=el6ost

purl pkg:rpm/redhat/openstack-cinder@2014.1.3-1?arch=el6ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8p6b-qw5m-jfha

vulnerability	VCID-ea21-seng-n3fw

vulnerability	VCID-ykzj-fz7y-eug8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-cinder@2014.1.3-1%3Farch=el6ost

url pkg:rpm/redhat/openstack-nova@2014.1.3-4?arch=el6ost

purl pkg:rpm/redhat/openstack-nova@2014.1.3-4?arch=el6ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8p6b-qw5m-jfha

vulnerability	VCID-9vq2-2nsa-bbfa

vulnerability	VCID-x5k4-dm9d-xkf7

vulnerability	VCID-ykzj-fz7y-eug8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-nova@2014.1.3-4%3Farch=el6ost

url pkg:rpm/redhat/openstack-nova@2014.1.3-4?arch=el7ost

purl pkg:rpm/redhat/openstack-nova@2014.1.3-4?arch=el7ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8p6b-qw5m-jfha

vulnerability	VCID-9vq2-2nsa-bbfa

vulnerability	VCID-x5k4-dm9d-xkf7

vulnerability	VCID-ykzj-fz7y-eug8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-nova@2014.1.3-4%3Farch=el7ost

url pkg:rpm/redhat/openstack-trove@2014.1.3-1?arch=el7ost

purl pkg:rpm/redhat/openstack-trove@2014.1.3-1?arch=el7ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8p6b-qw5m-jfha

vulnerability	VCID-ykzj-fz7y-eug8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-trove@2014.1.3-1%3Farch=el7ost

References

reference_url	http://rhn.redhat.com/errata/RHSA-2014-1939.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2014-1939.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7230.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7230.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7230

reference_id

reference_type

scores

value	0.00123
scoring_system	epss
scoring_elements	0.31407
published_at	2026-04-16T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31368
published_at	2026-04-01T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31506
published_at	2026-04-02T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31547
published_at	2026-04-04T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31365
published_at	2026-04-07T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31419
published_at	2026-04-08T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31449
published_at	2026-04-09T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31452
published_at	2026-04-11T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31409
published_at	2026-04-12T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31373
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7230

reference_url	https://bugs.launchpad.net/oslo-incubator/+bug/1343604
reference_id
reference_type
scores
url	https://bugs.launchpad.net/oslo-incubator/+bug/1343604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230

reference_url	http://seclists.org/oss-sec/2014/q3/853
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2014/q3/853

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/96725
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/96725

reference_url	http://www.securityfocus.com/bid/70185
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/70185

reference_url	http://www.ubuntu.com/usn/USN-2405-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2405-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1147722
reference_id	1147722
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1147722

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704
reference_id	765704
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714
reference_id	765714
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder::::::::
reference_id	cpe:2.3:a:openstack:cinder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova::::::::
reference_id	cpe:2.3:a:openstack:nova::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove::::::::
reference_id	cpe:2.3:a:openstack:trove::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:::::::*
reference_id	cpe:2.3:a:redhat:openstack:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7230

reference_id

CVE-2014-7230

reference_type

scores

value	2.1
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7230

reference_url	https://access.redhat.com/errata/RHSA-2014:1939
reference_id	RHSA-2014:1939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1939

reference_url	https://usn.ubuntu.com/2405-1/
reference_id	USN-2405-1
reference_type
scores
url	https://usn.ubuntu.com/2405-1/

reference_url	https://usn.ubuntu.com/2407-1/
reference_id	USN-2407-1
reference_type
scores
url	https://usn.ubuntu.com/2407-1/

Weaknesses

cwe_id	184
name	Incomplete List of Disallowed Inputs
description	The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.

cwe_id	532
name	Insertion of Sensitive Information into Log File
description	Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

cwe_id	522
name	Insufficiently Protected Credentials
description	The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Exploits

Severity_range_score 2.1 - 2.1

Exploitability 0.5

Weighted_severity 1.9

Risk_score 0.9

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykzj-fz7y-eug8

Vulnerability Instance