{
  "threat_severity" : "Moderate",
  "public_date" : "2024-05-06T00:00:00Z",
  "bugzilla" : {
    "description" : "rhosp-director: cleartext passwords exposed in logs",
    "id" : "2280249",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2280249"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-312",
  "details" : [ "An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.", "An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs." ],
  "affected_release" : [ {
    "product_name" : "Red Hat OpenStack Platform 17.1 for RHEL 9",
    "release_date" : "2024-11-21T00:00:00Z",
    "advisory" : "RHSA-2024:9978",
    "cpe" : "cpe:/a:redhat:openstack:17.1::el9",
    "package" : "openstack-tripleo-heat-templates-0:14.3.1-17.1.20240919130756.el9ost"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "fix_state" : "Will not fix",
    "package_name" : "rhosp-director",
    "cpe" : "cpe:/a:redhat:openstack:16.2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-4840\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4840" ],
  "name" : "CVE-2024-4840",
  "csaw" : false
}