CVE-2015-9543
https://notcve.org/view.php?id=CVE-2015-9543
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. • http://www.openwall.com/lists/oss-security/2020/02/19/2 https://launchpad.net/bugs/1492140 https://review.opendev.org/220622 https://security.openstack.org/ossa/OSSA-2020-001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-14433 – openstack-nova: Nova server resource faults leak external exception details
https://notcve.org/view.php?id=CVE-2019-14433
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. Se detectó un problema en OpenStack Nova en versiones anteriores a 17.0.12, versiones 18.x anteriores a 18.2.2, y versiones 19.x anteriores a 19.0.2. Si una petición de la API de un usuario autenticado termina en una condición de fallo debido a una excepción externa, los detalles del entorno subyacente puede ser filtrados en la respuesta, y podrían incluir una configuración confidencial u otros datos. A vulnerability was found in the Nova Compute resource fault handling. • http://www.openwall.com/lists/oss-security/2019/08/06/6 https://access.redhat.com/errata/RHSA-2019:2622 https://access.redhat.com/errata/RHSA-2019:2631 https://access.redhat.com/errata/RHSA-2019:2652 https://launchpad.net/bugs/1837877 https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html https://security.openstack.org/ossa/OSSA-2019-003.html https://usn.ubuntu.com/4104-1 https://access.redhat.com/security/cve/CVE-2019-14433 https://bugzilla.redhat. • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2016-2140 – openstack-nova: Host data leak through resize/migration
https://notcve.org/view.php?id=CVE-2016-2140
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. El controlador libvirt en OpenStack Compute (Nova) en versiones anteriores a 2015.1.4 (kilo) y 12.0.x en versiones anteriores a 12.0.3 (liberty), cuando usa almacenamiento en bruto y use_cow_images está establecido a false, permite a usuarios remotos autenticados leer archivos arbitrarios a través de una cabecera qcow2 manipulada en un disco efímero o root. An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. • http://www.openwall.com/lists/oss-security/2016/03/08/6 http://www.securityfocus.com/bid/84277 https://bugs.launchpad.net/nova/+bug/1548450 https://security.openstack.org/ossa/OSSA-2016-007.html https://access.redhat.com/security/cve/CVE-2016-2140 https://bugzilla.redhat.com/show_bug.cgi?id=1313454 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-8749
https://notcve.org/view.php?id=CVE-2015-8749
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. La función volume_utils._parse_volume_info en OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty) incluye el diccionario connection_info en el mensaje StorageError cuando utiliza el backend Xen, lo que permitiría a atacantes obtener información sensible de contraseña leyendo archivos de registro u otros vectores no especificados. • http://www.openwall.com/lists/oss-security/2016/01/07/8 http://www.openwall.com/lists/oss-security/2016/01/07/9 http://www.securityfocus.com/bid/80189 https://bugs.launchpad.net/nova/+bug/1516765 https://security.openstack.org/ossa/OSSA-2016-002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-7548 – openstack-nova: Unprivileged API user can access host data using instance snapshot
https://notcve.org/view.php?id=CVE-2015-7548
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty), cuando se utiliza libvirt para producir instancias y use_cow_images se establece en false, permite a usuarios remotos autenticados leer archivos arbitrarios sobrescribiendo una instancia de disco con una imagen manipulada y solicitando una instantánea. A flaw was discovered in the OpenStack Compute (nova) snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw only affects LVM or Ceph setups, or setups using filesystem storage with "use_cow_images = False". • http://rhn.redhat.com/errata/RHSA-2016-0018.html http://www.securityfocus.com/bid/80176 https://security.openstack.org/ossa/OSSA-2016-001.html https://access.redhat.com/security/cve/CVE-2015-7548 https://bugzilla.redhat.com/show_bug.cgi?id=1290511 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •