CVE-2015-9543 - OpenCVE

An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Openstack	Nova

Configuration 1 [-]

OR	cpe:2.3:a:openstack:nova::::::::
	cpe:2.3:a:openstack:nova::::::::
	cpe:2.3:a:openstack:nova::::::::

References

Link	Resource
http://www.openwall.com/lists/oss-security/2020/02/19/2	Mailing List Patch Third Party Advisory
https://launchpad.net/bugs/1492140	Issue Tracking Third Party Advisory
https://review.opendev.org/220622	Third Party Advisory
https://security.openstack.org/ossa/OSSA-2020-001.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-19T02:11:06

Updated: 2020-02-19T18:06:04

Reserved: 2020-02-19T00:00:00

Link: CVE-2015-9543

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-19T03:15:10.463

Modified: 2020-02-27T19:17:01.843

Link: CVE-2015-9543

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-19T18:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://launchpad.net/bugs/1492140"}, {"tags": ["x_refsource_MISC"], "url": "https://review.opendev.org/220622"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.openstack.org/ossa/OSSA-2020-001.html"}, {"name": "[oss-security] 20200219 [OSSA-2020-001] Nova can leak consoleauth token into log files (CVE-2015-9543)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/02/19/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-9543", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.net/bugs/1492140", "refsource": "MISC", "url": "https://launchpad.net/bugs/1492140"}, {"name": "https://review.opendev.org/220622", "refsource": "MISC", "url": "https://review.opendev.org/220622"}, {"name": "https://security.openstack.org/ossa/OSSA-2020-001.html", "refsource": "CONFIRM", "url": "https://security.openstack.org/ossa/OSSA-2020-001.html"}, {"name": "[oss-security] 20200219 [OSSA-2020-001] Nova can leak consoleauth token into log files (CVE-2015-9543)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/02/19/2"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-9543", "datePublished": "2020-02-19T02:11:06", "dateReserved": "2020-02-19T00:00:00", "dateUpdated": "2020-02-19T18:06:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB53B360-8BD9-4AB5-9874-06B0917DEA95", "versionEndExcluding": "18.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "4264A524-3FFF-42D0-B89E-C17890606C01", "versionEndExcluding": "19.1.0", "versionStartIncluding": "19.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "matchCriteriaId": "20E29FBC-6C14-43F1-93CE-235431088DCC", "versionEndExcluding": "20.1.0", "versionStartIncluding": "20.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py."}, {"lang": "es", "value": "Se detect\u00f3 un problema en OpenStack Nova versiones anteriores a 18.2.4, versiones 19.x anteriores a 19.1.0 y versiones 20.x anteriores a 20.1.0. Puede filtrar tokens consoleauth en archivos de registro. Un atacante con acceso de lectura a los registros del servicio puede obtener tokens usados para el acceso a la consola. Todas las configuraciones de Nova que usan novncproxy est\u00e1n afectadas. Esto est\u00e1 relacionado con la funci\u00f3n NovaProxyRequestHandlerBase.new_websocket_client en el archivo console/websocketproxy.py."}], "id": "CVE-2015-9543", "lastModified": "2020-02-27T19:17:01.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-19T03:15:10.463", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/02/19/2"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1492140"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://review.opendev.org/220622"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2020-001.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}