Back to search
CVE-2015-8749
Published: Jan 15, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20160107 Re: CVE request for vulnerability in OpenStack Nova
mailing-list
x_refsource_MLIST
80189
vdb-entry
x_refsource_BID
https://security.openstack.org/ossa/OSSA-2016-002.html
x_refsource_CONFIRM
https://bugs.launchpad.net/nova/+bug/1516765
x_refsource_CONFIRM
[oss-security] 20160107 CVE request for vulnerability in OpenStack Nova
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now