1 results (0.001 seconds)
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-10755 – openstack-cinder: Improper handling of ScaleIO backend credentials
https://notcve.org/view.php?id=CVE-2020-10755
10 Jun 2020 — An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the ``connection_info`` element in all Block Storage v3 Attachments API calls containing that element. This flaw enables an en... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10755 • CWE-522: Insufficiently Protected Credentials •