CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
15.5%
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before
19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log
files. An attacker with read access to the service’s logs may obtain tokens
used for console access. All Nova setups using novncproxy are affected.
This is related to NovaProxyRequestHandlerBase.new_websocket_client in
console/websocketproxy.py.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | nova | < 2:17.0.13-0ubuntu5.3 | UNKNOWN |
ubuntu | 20.04 | noarch | nova | < 2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1 | UNKNOWN |
ubuntu | 20.10 | noarch | nova | < 2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1 | UNKNOWN |
ubuntu | 21.04 | noarch | nova | < 2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | nova | < 2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | nova | < 2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | nova | < 2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1 | UNKNOWN |
ubuntu | 16.04 | noarch | nova | < 2:13.1.4-0ubuntu4.5+esm1 | UNKNOWN |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
15.5%