ALT-PU-2016-2075-1
Closed vulnerabilities
Published: 2018-08-21
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-5160
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
Severity: MEDIUM (5.5)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- RHSA-2016:2577
- RHSA-2016:2577
- [oss-security] 20170721 [OSSN-0078] Ceph credentials included in logs using older versions of libvirt/qemu
- [oss-security] 20170721 [OSSN-0078] Ceph credentials included in logs using older versions of libvirt/qemu
- https://bugs.launchpad.net/ossn/+bug/1686743
- https://bugs.launchpad.net/ossn/+bug/1686743
- https://bugzilla.redhat.com/show_bug.cgi?id=1245647
- https://bugzilla.redhat.com/show_bug.cgi?id=1245647
- https://wiki.openstack.org/wiki/OSSN/OSSN-0079
- https://wiki.openstack.org/wiki/OSSN/OSSN-0079