CVE-2015-9543
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py.
Se detectó un problema en OpenStack Nova versiones anteriores a 18.2.4, versiones 19.x anteriores a 19.1.0 y versiones 20.x anteriores a 20.1.0. Puede filtrar tokens consoleauth en archivos de registro. Un atacante con acceso de lectura a los registros del servicio puede obtener tokens usados para el acceso a la consola. Todas las configuraciones de Nova que usan novncproxy están afectadas. Esto está relacionado con la función NovaProxyRequestHandlerBase.new_websocket_client en el archivo console/websocketproxy.py.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-19 CVE Reserved
- 2020-02-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://launchpad.net/bugs/1492140 | Issue Tracking | |
| https://review.opendev.org/220622 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2020/02/19/2 | 2020-02-27 | |
| https://security.openstack.org/ossa/OSSA-2020-001.html | 2020-02-27 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openstack Search vendor "Openstack" | Nova Search vendor "Openstack" for product "Nova" | < 18.2.4 Search vendor "Openstack" for product "Nova" and version " < 18.2.4" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Nova Search vendor "Openstack" for product "Nova" | >= 19.0.0 < 19.1.0 Search vendor "Openstack" for product "Nova" and version " >= 19.0.0 < 19.1.0" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Nova Search vendor "Openstack" for product "Nova" | >= 20.0.0 < 20.1.0 Search vendor "Openstack" for product "Nova" and version " >= 20.0.0 < 20.1.0" | - |
Affected
| ||||||