CVE-2015-8749

Published: 15/01/2016 Updated: 16/11/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The volume_utils._parse_volume_info function in OpenStack Compute (Nova) prior to 2015.1.3 (kilo) and 12.0.x prior to 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow malicious users to obtain sensitive password information by reading log files or other unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack nova

Several security issues were fixed in OpenStack Nova ...

The volume_utils_parse_volume_info function in OpenStack Compute (Nova) before 201513 (kilo) and 120x before 1201 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors ...

CWE-200 http://www.openwall.com/lists/oss-security/2016/01/07/8 https://security.openstack.org/ossa/OSSA-2016-002.html http://www.openwall.com/lists/oss-security/2016/01/07/9 https://bugs.launchpad.net/nova/+bug/1516765 http://www.securityfocus.com/bid/80189 https://usn.ubuntu.com/3449-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-8749

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect