Consoleauth Token Leakage in OpenStack Nova by OpenStack
CVE-2015-9543

3.3LOW

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
19 February 2020

Summary

A vulnerability in OpenStack Nova allows consoleauth tokens to be inadvertently written into log files. This issue is particularly problematic since an attacker with read access to service logs could potentially extract these tokens, gaining unauthorized console access to the Nova service. All installations of Nova utilizing the novncproxy functionality are impacted, specifically related to the NovaProxyRequestHandlerBase in the websocketproxy.py file.

References

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.