Consoleauth Token Leakage in OpenStack Nova by OpenStack
CVE-2015-9543
3.3LOW
Summary
A vulnerability in OpenStack Nova allows consoleauth tokens to be inadvertently written into log files. This issue is particularly problematic since an attacker with read access to service logs could potentially extract these tokens, gaining unauthorized console access to the Nova service. All installations of Nova utilizing the novncproxy functionality are impacted, specifically related to the NovaProxyRequestHandlerBase in the websocketproxy.py file.
References
CVSS V3.1
Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved