The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.
References
Link | Resource |
---|---|
http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8 | Release Notes Vendor Advisory |
http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8 | Release Notes Vendor Advisory |
http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6 | Release Notes Vendor Advisory |
http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3 | Release Notes Vendor Advisory |
http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2 | Release Notes Vendor Advisory |
http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2 | Release Notes Vendor Advisory |
http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7 | Release Notes Vendor Advisory |
http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html | Patch Third Party Advisory VDB Entry |
http://www.debian.org/security/2016/dsa-3431 | |
http://www.ocert.org/advisories/ocert-2015-012.html | Patch Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/39169/ | |
History
No history.
Information
Published : 2017-08-18 17:29
Updated : 2024-02-28 16:04
NVD link : CVE-2015-7945
Mitre link : CVE-2015-7945
CVE.ORG link : CVE-2015-7945
Products Affected
spi-inc
- ganeti
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor