PT-2016-3997 · Openstack+1 · Openstack Compute+1
Matt Riedemann
·
Publicado
2016-01-15
·
Atualizado
2022-05-14
·
CVE-2015-8749
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Compute (Nova) versions prior to 2015.1.3 (kilo)
OpenStack Compute (Nova) versions 12.0.x prior to 12.0.1 (liberty)
Description
The issue concerns the
volume utils. parse volume info function, which includes the connection info dictionary in the StorageError message when using the Xen backend. This might allow attackers to obtain sensitive password information by reading log files.Recommendations
For versions prior to 2015.1.3 (kilo), update to version 2015.1.3 or later.
For versions 12.0.x prior to 12.0.1 (liberty), update to version 12.0.1 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openstack Compute
Ubuntu