Sensitive Password Information Disclosure in OpenStack Compute (Nova)

Sensitive Password Information Disclosure in OpenStack Compute (Nova)

CVE-2015-8749 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.

Learn more about our Web Application Penetration Testing UK.