CVE-2015-7945 — Vulnetix

CVE-2015-7945 REJECTED

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.

EPSS 13.55% · 94.4th percentile

Risk Scores

EPSS Score

13.55%

94.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	ganeti	0
Ubuntu:16.04:LTS	ganeti	0, 2.15.1-1, 2.15.2-1

Exploit Intelligence

…and 9 more exploits

Timeline

Jan 5, 2016 PoC Published
Aug 18, 2017 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
Jul 16, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2015-7945 third-party-advisory
http://www.ocert.org/advisories/ocert-2015-012.html third-party-advisory
http://git.ganeti.org/?p=ganeti.git;a=commit;h=09fb8fc73c5fe33756cc63036d121b3d6dfa3f64 third-party-advisory
http://git.ganeti.org/?p=ganeti.git;a=commit;h=6e94ad76446904961744f9b0826414a5e4120693 third-party-advisory
http://git.ganeti.org/?p=ganeti.git;a=commit;h=6d44be24c50944fc35de7a490bc836938a82e1df third-party-advisory
http://git.ganeti.org/?p=ganeti.git;a=commit;h=6f9ba80f8312d5607da70841f698c49000a31126 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2015-7945 third-party-advisory

Open in Interactive Console →