CVE-2015-9543

{"id": "CVE-2015-9543", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2020-02-19T03:15:10.463", "references": [{"url": "http://www.openwall.com/lists/oss-security/2020/02/19/2", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://launchpad.net/bugs/1492140", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://review.opendev.org/220622", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.openstack.org/ossa/OSSA-2020-001.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2020/02/19/2", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://launchpad.net/bugs/1492140", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://review.opendev.org/220622", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.openstack.org/ossa/OSSA-2020-001.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py."}, {"lang": "es", "value": "Se detect\u00f3 un problema en OpenStack Nova versiones anteriores a 18.2.4, versiones 19.x anteriores a 19.1.0 y versiones 20.x anteriores a 20.1.0. Puede filtrar tokens consoleauth en archivos de registro. Un atacante con acceso de lectura a los registros del servicio puede obtener tokens usados para el acceso a la consola. Todas las configuraciones de Nova que usan novncproxy est\u00e1n afectadas. Esto est\u00e1 relacionado con la funci\u00f3n NovaProxyRequestHandlerBase.new_websocket_client en el archivo console/websocketproxy.py."}], "lastModified": "2024-11-21T02:40:53.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB53B360-8BD9-4AB5-9874-06B0917DEA95", "versionEndExcluding": "18.2.4"}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4264A524-3FFF-42D0-B89E-C17890606C01", "versionEndExcluding": "19.1.0", "versionStartIncluding": "19.0.0"}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20E29FBC-6C14-43F1-93CE-235431088DCC", "versionEndExcluding": "20.1.0", "versionStartIncluding": "20.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}