CVE-2015-8749

Impact: Moderate
Public Date: 2016-01-07
Bugzilla: 1296837: CVE-2015-8749 openstack-nova: Xen connection password leak in logs via StorageError

The MITRE CVE dictionary describes this issue as:

The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.

Find out more about CVE-2015-8749 from the MITRE CVE dictionary and NIST NVD.
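The leak pattern described above, next to a masked variant, as an added illustration that is not Nova's code or its actual fix. The function names, message text, key list and sample connection_info are constructed assumptions; only StorageError and connection_info are names taken from the description.

```python
# Illustrative sketch only: not Nova's code. All names except StorageError
# and connection_info are hypothetical.
SENSITIVE_KEYS = ("password", "secret", "token")  # assumed key fragments


class StorageError(Exception):
    """Stand-in for the exception named in the CVE description."""


def mask_sensitive(value, mask="***"):
    """Return a copy of value with sensitive dict entries replaced by mask."""
    if isinstance(value, dict):
        return {
            k: mask if any(s in str(k).lower() for s in SENSITIVE_KEYS)
            else mask_sensitive(v, mask)
            for k, v in value.items()
        }
    if isinstance(value, (list, tuple)):
        return type(value)(mask_sensitive(v, mask) for v in value)
    return value


def parse_volume_info_leaky(connection_info):
    """Flawed pattern: the raw dict is formatted into the error message."""
    data = connection_info.get("data", {})
    if "target_iqn" not in data:
        raise StorageError("Unable to parse volume info %s" % (connection_info,))
    return data["target_iqn"]


def parse_volume_info_masked(connection_info):
    """Same check, but the dict is masked before it reaches the message."""
    data = connection_info.get("data", {})
    if "target_iqn" not in data:
        raise StorageError("Unable to parse volume info %s"
                           % (mask_sensitive(connection_info),))
    return data["target_iqn"]


# Constructed sample input: target_iqn is missing, so both parsers raise.
SAMPLE = {"driver_volume_type": "iscsi",
          "data": {"target_portal": "192.0.2.10:3260",
                   "auth_username": "nova",
                   "auth_password": "s3cr3t-constructed"}}


def error_text(parser, info=SAMPLE):
    """Return the message that would be logged when parser fails on info."""
    try:
        parser(info)
    except StorageError as exc:
        return str(exc)
    return ""
```

Masking at the point where the exception is built keeps the secret out of every downstream sink (log files, API fault responses, tracebacks) rather than relying on each logger to filter it.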

Statement

Red Hat Enterprise Linux OpenStack Platform does not support the Xen hypervisor, and is therefore not affected by this flaw in any supported configuration.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score: 4.3
Base Metrics: AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform | Package | State
Red Hat OpenStack Platform 8.0 (Liberty) | openstack-nova | Not affected
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | openstack-nova | Not affected
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | openstack-nova | Not affected
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) | openstack-nova | Not affected

Last Modified

CVE description copyright © 2017, The MITRE Corporation
