3.3

CVE-2015-9543

EPSS 0.13%
Published 19.02.2020 03:15:10
Last modified 21.11.2024 02:40:53
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Openstack ≫ Nova Version < 18.2.4

Openstack ≫ Nova Version >= 19.0.0 < 19.1.0

Openstack ≫ Nova Version >= 20.0.0 < 20.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.296

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.openwall.com/lists/oss-security/2020/02/19/2

Patch

Third Party Advisory

Mailing List

https://launchpad.net/bugs/1492140

Third Party Advisory

Issue Tracking

https://review.opendev.org/220622

Third Party Advisory

https://security.openstack.org/ossa/OSSA-2020-001.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-9543

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-9543

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-9543

EUVD