Source: nova Version: 2:20.0.0-3 Severity: important Tags: security upstream Forwarded: https://launchpad.net/bugs/1492140 Control: found -1 2:18.1.0-6 Control: found -1 2:14.0.0-4+deb9u1
Hi, The following vulnerability was published for nova. CVE-2015-9543[0]: | An issue was discovered in OpenStack Nova before 18.2.4, 19.x before | 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into | log files. An attacker with read access to the service's logs may | obtain tokens used for console access. All Nova setups using | novncproxy are affected. This is related to | NovaProxyRequestHandlerBase.new_websocket_client in | console/websocketproxy.py. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-9543 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9543 [1] https://launchpad.net/bugs/1492140 Regards, Salvatore
