CVE-2015-8749 — Vulnetix

CVE-2015-8749 PUBLISHED

The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.

EPSS 0.94% · 76.7th percentile

Risk Scores

EPSS Score

0.94%

76.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	nova	0, 1:2014.1~b1-0ubuntu1, 1:2014.1~b2-0ubuntu4

Exploit Intelligence

[oss-security] 20160107 Re: CVE request for vulnerability in OpenStack Nova (circl)
80189 (circl)
https://security.openstack.org/ossa/OSSA-2016-002.html (circl)
https://bugs.launchpad.net/nova/+bug/1516765 (circl)
[oss-security] 20160107 CVE request for vulnerability in OpenStack Nova (circl)

Timeline

Jan 15, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 16, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2015-8749 third-party-advisory
http://lists.openstack.org/pipermail/openstack-announce/2016-January/000916.html third-party-advisory
https://ubuntu.com/security/notices/USN-3449-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2015-8749 third-party-advisory

Open in Interactive Console →