CVE-2015-8749

EUVD-2022-3483
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
openstacknova
12.0.0 ≤
𝑥
< 12.0.1
openstacknova
2015.1.0 ≤
𝑥
< 2015.1.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nova
bookworm
2:26.2.2-1~deb12u3
fixed
bookworm (security)
2:26.2.2-1~deb12u3
fixed
bullseye
2:22.0.1-2+deb11u1
fixed
bullseye (security)
2:22.4.0-1~deb11u5
fixed
jessie
no-dsa
sid
2:30.0.0-1
fixed
trixie
2:30.0.0-1
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nova
precise
ignored
trusty
Fixed 1:2014.1.5-0ubuntu1.7
released
vivid
ignored
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2016/01/07/8
http://www.openwall.com/lists/oss-security/2016/01/07/9
http://www.securityfocus.com/bid/80189
https://bugs.launchpad.net/nova/+bug/1516765
https://security.openstack.org/ossa/OSSA-2016-002.html
http://www.openwall.com/lists/oss-security/2016/01/07/8
http://www.openwall.com/lists/oss-security/2016/01/07/9
http://www.securityfocus.com/bid/80189
https://bugs.launchpad.net/nova/+bug/1516765
https://security.openstack.org/ossa/OSSA-2016-002.html