Candidate: CVE-2015-9543
PublicDate: 2020-02-19 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9543
 https://review.opendev.org/220622
Description:
 An issue was discovered in OpenStack Nova before 18.2.4, 19.x before
 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log
 files. An attacker with read access to the service's logs may obtain tokens
 used for console access. All Nova setups using novncproxy are affected.
 This is related to NovaProxyRequestHandlerBase.new_websocket_client in
 console/websocketproxy.py.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://launchpad.net/bugs/1492140
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [3.3 LOW]


Patches_nova:
upstream_nova: needs-triage
precise/esm_nova: DNE
trusty_nova: ignored (out of standard support)
trusty/esm_nova: DNE
xenial_nova: ignored (end of standard support, was needed)
esm-infra/xenial_nova: needed
bionic_nova: needed
eoan_nova: ignored (reached end-of-life)
focal_nova: released (2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1)
groovy_nova: released (2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1)
hirsute_nova: released (2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1)
impish_nova: released (2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1)
jammy_nova: released (2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1)
devel_nova: released (2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1)