CVE-2015-7945 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 94%

Affected Products (NVD)

Vendor	Product	Version
spi-inc	ganeti	𝑥 ≤ 2.9.6
spi-inc	ganeti	2.10.0
spi-inc	ganeti	2.10.0:beta1
spi-inc	ganeti	2.10.0:rc1
spi-inc	ganeti	2.10.0:rc2
spi-inc	ganeti	2.10.0:rc3
spi-inc	ganeti	2.10.1
spi-inc	ganeti	2.10.2
spi-inc	ganeti	2.10.3
spi-inc	ganeti	2.10.4
spi-inc	ganeti	2.10.5
spi-inc	ganeti	2.10.6
spi-inc	ganeti	2.10.7
spi-inc	ganeti	2.11.0
spi-inc	ganeti	2.11.0:beta1
spi-inc	ganeti	2.11.0:rc1
spi-inc	ganeti	2.11.1
spi-inc	ganeti	2.11.2
spi-inc	ganeti	2.11.3
spi-inc	ganeti	2.11.4
spi-inc	ganeti	2.11.5
spi-inc	ganeti	2.11.6
spi-inc	ganeti	2.11.7
spi-inc	ganeti	2.12.0
spi-inc	ganeti	2.12.0:beta1
spi-inc	ganeti	2.12.0:rc1
spi-inc	ganeti	2.12.0:rc2
spi-inc	ganeti	2.12.1
spi-inc	ganeti	2.12.2
spi-inc	ganeti	2.12.3
spi-inc	ganeti	2.12.4
spi-inc	ganeti	2.12.5
spi-inc	ganeti	2.13.0
spi-inc	ganeti	2.13.0:beta1
spi-inc	ganeti	2.13.0:rc1
spi-inc	ganeti	2.13.1
spi-inc	ganeti	2.13.2
spi-inc	ganeti	2.14.0
spi-inc	ganeti	2.14.0:beta1
spi-inc	ganeti	2.14.0:beta2
spi-inc	ganeti	2.14.0:rc1
spi-inc	ganeti	2.14.0:rc2
spi-inc	ganeti	2.14.1
spi-inc	ganeti	2.15.0
spi-inc	ganeti	2.15.0:beta1
spi-inc	ganeti	2.15.0:rc1
spi-inc	ganeti	2.15.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ganeti

bookworm	3.0.2-3 fixed
bullseye	3.0.2-1~deb11u1 fixed
sid	3.0.2-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

ganeti

artful	dne
bionic	not-affected
cosmic	not-affected
disco	not-affected
precise	ignored
trusty	dne
vivid	ignored
wily	ignored
xenial	not-affected
yakkety	not-affected
zesty	not-affected

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8

http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8

http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6

http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3

http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2

http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2

http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7

http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html

http://www.debian.org/security/2016/dsa-3431

http://www.ocert.org/advisories/ocert-2015-012.html

https://www.exploit-db.com/exploits/39169/

http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8

http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8

http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6

http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3

http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2

http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2

http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7

http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html

http://www.debian.org/security/2016/dsa-3431

http://www.ocert.org/advisories/ocert-2015-012.html

https://www.exploit-db.com/exploits/39169/