CVE-2015-9543

CVE Database · CVE-2015-9543

CVE-2015-9543

· LOWModified

CVSS v3.1

3.3

EPSS

0.41%

Published

Feb 19, 2020

Modified

Nov 20, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-200

Affected Products (3)

openstack · nova (up to 18.2.4)vulnerable

openstack · nova (up to 19.1.0)vulnerable

openstack · nova (up to 20.1.0)vulnerable

References (8)

http://www.openwall.com/lists/oss-security/2020/02/19/2

Mailing ListPatchThird Party Advisory

https://launchpad.net/bugs/1492140