CVE-2015-8749
Severity Score
5.9
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
La función volume_utils._parse_volume_info en OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty) incluye el diccionario connection_info en el mensaje StorageError cuando utiliza el backend Xen, lo que permitiría a atacantes obtener información sensible de contraseña leyendo archivos de registro u otros vectores no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-01-07 CVE Reserved
- 2016-01-15 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/01/07/8 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2016/01/07/9 | Mailing List |
|
| http://www.securityfocus.com/bid/80189 | Third Party Advisory | |
| https://bugs.launchpad.net/nova/+bug/1516765 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.openstack.org/ossa/OSSA-2016-002.html | 2018-11-16 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openstack Search vendor "Openstack" | Nova Search vendor "Openstack" for product "Nova" | >= 12.0.0 < 12.0.1 Search vendor "Openstack" for product "Nova" and version " >= 12.0.0 < 12.0.1" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Nova Search vendor "Openstack" for product "Nova" | >= 2015.1.0 < 2015.1.3 Search vendor "Openstack" for product "Nova" and version " >= 2015.1.0 < 2015.1.3" | - |
Affected
| ||||||