3.3

CVE-2015-9543

An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenstackNova Version < 18.2.4
OpenstackNova Version >= 19.0.0 < 19.1.0
OpenstackNova Version >= 20.0.0 < 20.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.41% 0.323
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.openwall.com/lists/oss-security/2020/02/19/2
Patch
Third Party Advisory
Mailing List
https://launchpad.net/bugs/1492140
Third Party Advisory
Issue Tracking
https://review.opendev.org/220622
Third Party Advisory
https://security.openstack.org/ossa/OSSA-2020-001.html
Patch
Vendor Advisory