Описание
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | not-affected | 2.16.0~rc2-1build1 |
| cosmic | not-affected | 2.16.0-1ubuntu1 |
| devel | not-affected | 2.16.0-1ubuntu1 |
| disco | not-affected | 2.16.0-1ubuntu1 |
| esm-apps/bionic | not-affected | 2.16.0~rc2-1build1 |
| esm-apps/xenial | not-affected | 2.15.2-3 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
Показывать по
Ссылки на источники
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti befo ...
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.
5 Medium
CVSS2
7.5 High
CVSS3