Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-9646-3484-kqhe

Summary An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.

Aliases

alias	CVE-2019-3866

Fixed_packages

url	pkg:deb/debian/mistral@5.1.0-2?distro=trixie
purl	pkg:deb/debian/mistral@5.1.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mistral@5.1.0-2%3Fdistro=trixie

url pkg:deb/debian/mistral@7.0.0-2

purl pkg:deb/debian/mistral@7.0.0-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-az65-twk7-kbc2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mistral@7.0.0-2

url	pkg:deb/debian/mistral@11.0.0-2?distro=trixie
purl	pkg:deb/debian/mistral@11.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mistral@11.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/mistral@15.0.0-1?distro=trixie
purl	pkg:deb/debian/mistral@15.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mistral@15.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/mistral@20.0.0-2?distro=trixie
purl	pkg:deb/debian/mistral@20.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mistral@20.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/mistral@22.0.0-1?distro=trixie
purl	pkg:deb/debian/mistral@22.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mistral@22.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/python-mistral-lib@1.2.0-3?distro=trixie
purl	pkg:deb/debian/python-mistral-lib@1.2.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-mistral-lib@1.2.0-3%3Fdistro=trixie

url	pkg:deb/debian/python-mistral-lib@2.3.0-2?distro=trixie
purl	pkg:deb/debian/python-mistral-lib@2.3.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-mistral-lib@2.3.0-2%3Fdistro=trixie

url	pkg:deb/debian/python-mistral-lib@2.3.0-2
purl	pkg:deb/debian/python-mistral-lib@2.3.0-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-mistral-lib@2.3.0-2

url	pkg:deb/debian/python-mistral-lib@2.7.0-2?distro=trixie
purl	pkg:deb/debian/python-mistral-lib@2.7.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-mistral-lib@2.7.0-2%3Fdistro=trixie

url	pkg:deb/debian/python-mistral-lib@3.3.1-2?distro=trixie
purl	pkg:deb/debian/python-mistral-lib@3.3.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-mistral-lib@3.3.1-2%3Fdistro=trixie

url	pkg:deb/debian/python-mistral-lib@3.5.1-3?distro=trixie
purl	pkg:deb/debian/python-mistral-lib@3.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-mistral-lib@3.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/python-oslo.utils@3.41.3-1?distro=trixie
purl	pkg:deb/debian/python-oslo.utils@3.41.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-oslo.utils@3.41.3-1%3Fdistro=trixie

url pkg:deb/debian/python-oslo.utils@4.6.0-2

purl pkg:deb/debian/python-oslo.utils@4.6.0-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f76m-vpwk-aqfr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-oslo.utils@4.6.0-2

url	pkg:deb/debian/python-oslo.utils@4.6.0-2?distro=trixie
purl	pkg:deb/debian/python-oslo.utils@4.6.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-oslo.utils@4.6.0-2%3Fdistro=trixie

url	pkg:deb/debian/python-oslo.utils@6.0.1-2?distro=trixie
purl	pkg:deb/debian/python-oslo.utils@6.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-oslo.utils@6.0.1-2%3Fdistro=trixie

url	pkg:deb/debian/python-oslo.utils@8.2.0-4?distro=trixie
purl	pkg:deb/debian/python-oslo.utils@8.2.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-oslo.utils@8.2.0-4%3Fdistro=trixie

url	pkg:deb/debian/python-oslo.utils@10.0.1-1?distro=trixie
purl	pkg:deb/debian/python-oslo.utils@10.0.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-oslo.utils@10.0.1-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/mistral@2.0.0-2~bpo8%2B1

purl pkg:deb/debian/mistral@2.0.0-2~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2hp5-4x1r-dqec

vulnerability	VCID-9646-3484-kqhe

vulnerability	VCID-az65-twk7-kbc2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mistral@2.0.0-2~bpo8%252B1

url pkg:deb/debian/mistral@3.0.0-4%2Bdeb9u1

purl pkg:deb/debian/mistral@3.0.0-4%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2hp5-4x1r-dqec

vulnerability	VCID-9646-3484-kqhe

vulnerability	VCID-az65-twk7-kbc2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mistral@3.0.0-4%252Bdeb9u1

url pkg:deb/debian/python-mistral-lib@1.0.0-1

purl pkg:deb/debian/python-mistral-lib@1.0.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9646-3484-kqhe

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-mistral-lib@1.0.0-1

url pkg:deb/debian/python-oslo.utils@0.2.0-1

purl pkg:deb/debian/python-oslo.utils@0.2.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9646-3484-kqhe

vulnerability	VCID-f76m-vpwk-aqfr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-oslo.utils@0.2.0-1

url pkg:deb/debian/python-oslo.utils@3.8.0-2~bpo8%2B1

purl pkg:deb/debian/python-oslo.utils@3.8.0-2~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9646-3484-kqhe

vulnerability	VCID-f76m-vpwk-aqfr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-oslo.utils@3.8.0-2~bpo8%252B1

url pkg:deb/debian/python-oslo.utils@3.16.0-2

purl pkg:deb/debian/python-oslo.utils@3.16.0-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9646-3484-kqhe

vulnerability	VCID-f76m-vpwk-aqfr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-oslo.utils@3.16.0-2

url pkg:deb/debian/python-oslo.utils@3.36.5-0%2Bdeb10u1

purl pkg:deb/debian/python-oslo.utils@3.36.5-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9646-3484-kqhe

vulnerability	VCID-f76m-vpwk-aqfr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-oslo.utils@3.36.5-0%252Bdeb10u1

url pkg:rpm/redhat/openstack-mistral@9.0.2-0.20191125120837.6651519?arch=el8ost

purl pkg:rpm/redhat/openstack-mistral@9.0.2-0.20191125120837.6651519?arch=el8ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9646-3484-kqhe

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-mistral@9.0.2-0.20191125120837.6651519%3Farch=el8ost

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3866.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3866.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3866

reference_id

reference_type

scores

value	0.00057
scoring_system	epss
scoring_elements	0.18191
published_at	2026-06-09T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.18246
published_at	2026-06-07T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.18172
published_at	2026-06-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19055
published_at	2026-06-04T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1913
published_at	2026-06-05T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21254
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3866

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3866
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3866

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1768731
reference_id	1768731
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1768731

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946060
reference_id	946060
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946060

reference_url	https://access.redhat.com/errata/RHSA-2021:0420
reference_id	RHSA-2021:0420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0420

reference_url	https://usn.ubuntu.com/7465-1/
reference_id	USN-7465-1
reference_type
scores
url	https://usn.ubuntu.com/7465-1/

Weaknesses

cwe_id	732
name	Incorrect Permission Assignment for Critical Resource
description	The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Exploits

Severity_range_score 5.9 - 5.9

Exploitability 0.5

Weighted_severity 5.3

Risk_score 2.6

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9646-3484-kqhe

Vulnerability Instance