3.3

CVE-2015-9543

EPSS 0.13%
Veröffentlicht 19.02.2020 03:15:10
Zuletzt bearbeitet 21.11.2024 02:40:53
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openstack ≫ Nova Version < 18.2.4

Openstack ≫ Nova Version >= 19.0.0 < 19.1.0

Openstack ≫ Nova Version >= 20.0.0 < 20.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.296

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.openwall.com/lists/oss-security/2020/02/19/2

Patch

Third Party Advisory

Mailing List

https://launchpad.net/bugs/1492140

Third Party Advisory

Issue Tracking

https://review.opendev.org/220622

Third Party Advisory

https://security.openstack.org/ossa/OSSA-2020-001.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-9543

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-9543

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-9543

EUVD