PT-2016-3997 · Openstack+1 · Openstack Compute+1

Matt Riedemann

Published

2016-01-15

Updated

2022-05-14

CVE-2015-8749

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenStack Compute (Nova) versions prior to 2015.1.3 (kilo) OpenStack Compute (Nova) versions 12.0.x prior to 12.0.1 (liberty)

Description The issue concerns the volume utils. parse volume info function, which includes the connection info dictionary in the StorageError message when using the Xen backend. This might allow attackers to obtain sensitive password information by reading log files.

Recommendations For versions prior to 2015.1.3 (kilo), update to version 2015.1.3 or later. For versions 12.0.x prior to 12.0.1 (liberty), update to version 12.0.1 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-8749

GHSA-C36R-G737-9QP8

USN-3449-1

Affected Products

Openstack Compute

Ubuntu

PT-2016-3997 · Openstack+1 · Openstack Compute+1

CVE-2015-8749

Weakness Enumeration

Related Identifiers

Affected Products

References · 27