CVE-2015-8749

The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*

Information

Published : 2016-01-15 11:59

Updated : 2018-11-16 07:17


NVD link : CVE-2015-8749

Mitre link : CVE-2015-8749


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

openstack

  • nova