logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2015-8749

Description

The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.


Affected Package


OS OS Version Package Name Package Version
Debian 12 nova 2:26.0.0-6
Debian 11 nova 2:22.0.1-2
Debian 10 nova 2:18.1.0-6
Debian 999 nova 2:26.0.0-6

Related