CVE-2015-8749

NameCVE-2015-8749
DescriptionThe volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nova (PTS)stretch (security), stretch2:14.0.0-4+deb9u1fixed
buster2:18.1.0-6fixed
bullseye, sid2:22.0.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
novasource(unstable)2:13.0.0~rc3-1

Notes

[jessie] - nova <no-dsa> (Minor issue)
[wheezy] - nova <no-dsa> (Minor issue)
https://launchpad.net/bugs/1516765
Affects: >= 2014.2 <= 2015.1.2, ==12.0.0

Search for package or bug name: Reporting problems