Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-8749
HistoryJan 15, 2016 - 12:00 a.m.

CVE-2015-8749

2016-01-1500:00:00
ubuntu.com
ubuntu.com
12

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.0%

The volume_utils._parse_volume_info function in OpenStack Compute (Nova)
before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the
connection_info dictionary in the StorageError message when using the Xen
backend, which might allow attackers to obtain sensitive password
information by reading log files or other unspecified vectors.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchnova< 1:2014.1.5-0ubuntu1.7UNKNOWN

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.0%

Related for UB:CVE-2015-8749