CVE-2015-9543
LOWOpenStack Nova < 18.2.4, 19.x < 19.1.0, 20.x < 20.1.0 - Exposure of Sensitive Consoleauth Tokens in Log Files
Title source: llmDescription
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py.
References (4)
Core 4
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://launchpad.net/bugs/1492140
Third Party Advisory x_refsource_misc
https://review.opendev.org/220622
Patch, Vendor Advisory x_refsource_confirm
https://security.openstack.org/ossa/OSSA-2020-001.html
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/02/19/2
Scores
CVSS v3
3.3
EPSS
0.0008
EPSS Percentile
24.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
openstack/nova
< 18.2.4
pypi/Nova
0 - 18.2.4PyPI
Published
Feb 19, 2020
Tracked Since
Feb 18, 2026