3.3

CVE-2015-9543

EPSS 0.08%
Veröffentlicht 19.02.2020 03:15:10
Zuletzt bearbeitet 21.11.2024 02:40:53
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openstack ≫ Nova Version < 18.2.4

Openstack ≫ Nova Version >= 19.0.0 < 19.1.0

Openstack ≫ Nova Version >= 20.0.0 < 20.1.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.241

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.openwall.com/lists/oss-security/2020/02/19/2

Patch

Third Party Advisory

Mailing List

https://launchpad.net/bugs/1492140

Third Party Advisory

Issue Tracking

https://review.opendev.org/220622

Third Party Advisory

https://security.openstack.org/ossa/OSSA-2020-001.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-9543

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-9543

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-9543

EUVD