Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-5160

Опубликовано: 10 авг. 2015
Источник: redhat
CVSS3: 3.3
CVSS2: 2.1
EPSS Низкий

Описание

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster.

Отчет

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates of Enterprise Linux 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5libvirtWill not fix
Red Hat Enterprise Linux 6libvirtWill not fix
Red Hat Storage 2.1libvirtNot affected
Red Hat Enterprise Linux 7libvirtFixedRHSA-2016:257703.11.2016
Red Hat Gluster Storage 3.1 for RHEL 7libvirtFixedRHSA-2016:257703.11.2016
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7libvirtFixedRHSA-2016:257703.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1245647libvirt: Ceph id/key leaked in the process list

EPSS

Процентиль: 35%
0.00145
Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-5160

CVSS3: 5.5
ubuntu
около 7 лет назад

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

nvd логотип

CVE-2015-5160

CVSS3: 5.5
nvd
около 7 лет назад

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

debian логотип

CVE-2015-5160

CVSS3: 5.5
debian
около 7 лет назад

libvirt before 2.2 includes Ceph credentials on the qemu command line ...

github логотип

GHSA-57w8-4258-hhvg

CVSS3: 5.5
github
больше 3 лет назад

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

oracle-oval логотип

ELSA-2016-2577

oracle-oval
почти 9 лет назад

ELSA-2016-2577: libvirt security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 35%
0.00145
Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2