CVE-2015-8749

The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-01-15 19:59

Updated : 2024-02-04 18:53


NVD link : CVE-2015-8749

Mitre link : CVE-2015-8749

CVE.ORG link : CVE-2015-8749


JSON object : View

Products Affected

openstack

  • nova
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor