5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.005 Low
EPSS
Percentile
76.1%
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before
2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6,
2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows
remote attackers to obtain the DRBD secret via instance information job
results.
git.ganeti.org/?p=ganeti.git;a=commit;h=09fb8fc73c5fe33756cc63036d121b3d6dfa3f64
git.ganeti.org/?p=ganeti.git;a=commit;h=6d44be24c50944fc35de7a490bc836938a82e1df
git.ganeti.org/?p=ganeti.git;a=commit;h=6e94ad76446904961744f9b0826414a5e4120693
git.ganeti.org/?p=ganeti.git;a=commit;h=6f9ba80f8312d5607da70841f698c49000a31126
www.ocert.org/advisories/ocert-2015-012.html
launchpad.net/bugs/cve/CVE-2015-7945
nvd.nist.gov/vuln/detail/CVE-2015-7945
security-tracker.debian.org/tracker/CVE-2015-7945
www.cve.org/CVERecord?id=CVE-2015-7945
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.005 Low
EPSS
Percentile
76.1%