7.5

CVE-2015-7945

EPSS 13.55%
Veröffentlicht 18.08.2017 17:29:01
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Spi-inc ≫ Ganeti Version <= 2.9.6

Spi-inc ≫ Ganeti Version2.10.0

Spi-inc ≫ Ganeti Version2.10.0 Updatebeta1

Spi-inc ≫ Ganeti Version2.10.0 Updaterc1

Spi-inc ≫ Ganeti Version2.10.0 Updaterc2

Spi-inc ≫ Ganeti Version2.10.0 Updaterc3

Spi-inc ≫ Ganeti Version2.10.1

Spi-inc ≫ Ganeti Version2.10.2

Spi-inc ≫ Ganeti Version2.10.3

Spi-inc ≫ Ganeti Version2.10.4

Spi-inc ≫ Ganeti Version2.10.5

Spi-inc ≫ Ganeti Version2.10.6

Spi-inc ≫ Ganeti Version2.10.7

Spi-inc ≫ Ganeti Version2.11.0

Spi-inc ≫ Ganeti Version2.11.0 Updatebeta1

Spi-inc ≫ Ganeti Version2.11.0 Updaterc1

Spi-inc ≫ Ganeti Version2.11.1

Spi-inc ≫ Ganeti Version2.11.2

Spi-inc ≫ Ganeti Version2.11.3

Spi-inc ≫ Ganeti Version2.11.4

Spi-inc ≫ Ganeti Version2.11.5

Spi-inc ≫ Ganeti Version2.11.6

Spi-inc ≫ Ganeti Version2.11.7

Spi-inc ≫ Ganeti Version2.12.0

Spi-inc ≫ Ganeti Version2.12.0 Updatebeta1

Spi-inc ≫ Ganeti Version2.12.0 Updaterc1

Spi-inc ≫ Ganeti Version2.12.0 Updaterc2

Spi-inc ≫ Ganeti Version2.12.1

Spi-inc ≫ Ganeti Version2.12.2

Spi-inc ≫ Ganeti Version2.12.3

Spi-inc ≫ Ganeti Version2.12.4

Spi-inc ≫ Ganeti Version2.12.5

Spi-inc ≫ Ganeti Version2.13.0

Spi-inc ≫ Ganeti Version2.13.0 Updatebeta1

Spi-inc ≫ Ganeti Version2.13.0 Updaterc1

Spi-inc ≫ Ganeti Version2.13.1

Spi-inc ≫ Ganeti Version2.13.2

Spi-inc ≫ Ganeti Version2.14.0

Spi-inc ≫ Ganeti Version2.14.0 Updatebeta1

Spi-inc ≫ Ganeti Version2.14.0 Updatebeta2

Spi-inc ≫ Ganeti Version2.14.0 Updaterc1

Spi-inc ≫ Ganeti Version2.14.0 Updaterc2

Spi-inc ≫ Ganeti Version2.14.1

Spi-inc ≫ Ganeti Version2.15.0

Spi-inc ≫ Ganeti Version2.15.0 Updatebeta1

Spi-inc ≫ Ganeti Version2.15.0 Updaterc1

Spi-inc ≫ Ganeti Version2.15.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	13.55%	0.939

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8

Vendor Advisory

Release Notes

http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8

Vendor Advisory

Release Notes

http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6

Vendor Advisory

Release Notes

http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3

Vendor Advisory

Release Notes

http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2

Vendor Advisory

Release Notes

http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2

Vendor Advisory

Release Notes

http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7

Vendor Advisory

Release Notes

http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html

Patch

Third Party Advisory

VDB Entry

http://www.debian.org/security/2016/dsa-3431

http://www.ocert.org/advisories/ocert-2015-012.html

Patch

Third Party Advisory

VDB Entry

https://www.exploit-db.com/exploits/39169/

https://nvd.nist.gov/vuln/detail/CVE-2015-7945

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7945

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7945

EUVD