CVE-2015-5160

Опубликовано: 20 авг. 2018

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

Ссылки

http://rhn.redhat.com/errata/RHSA-2016-2577.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/07/21/3
Mailing List
Third Party Advisory
https://bugs.launchpad.net/ossn/+bug/1686743
Issue Tracking
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1245647
Issue Tracking
Third Party Advisory
https://wiki.openstack.org/wiki/OSSN/OSSN-0079
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2577.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/07/21/3
Mailing List
Third Party Advisory
https://bugs.launchpad.net/ossn/+bug/1686743
Issue Tracking
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1245647
Issue Tracking
Third Party Advisory
https://wiki.openstack.org/wiki/OSSN/OSSN-0079
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libvirt:libvirt:*:*:*:*:*:*:*:*

Версия до 2.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00145

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-5160

CVSS3: 5.5

ubuntu

около 7 лет назад

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

CVE-2015-5160

CVSS3: 3.3

redhat

около 10 лет назад

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

CVE-2015-5160

CVSS3: 5.5

debian

около 7 лет назад

libvirt before 2.2 includes Ceph credentials on the qemu command line ...

GHSA-57w8-4258-hhvg

CVSS3: 5.5

github

больше 3 лет назад

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

ELSA-2016-2577

oracle-oval

почти 9 лет назад

ELSA-2016-2577: libvirt security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 36%

0.00145

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200