EPSS
Percentile
15.5%
nova is vulnerable to information disclosure. The vulnerability exists as the novncproxy tokens are logged in plaintext when it is sent through the web socket proxy.
novncproxy
www.openwall.com/lists/oss-security/2020/02/19/2
bugzilla.redhat.com/show_bug.cgi?id=1805386
github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e
launchpad.net/bugs/1492140
review.opendev.org/220622
security.openstack.org/ossa/OSSA-2020-001.html