High severity7.5NVD Advisory· Published Aug 18, 2017· Updated May 13, 2026

CVE-2015-7945

Description

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.htmlnvdPatchThird Party AdvisoryVDB Entry
www.ocert.org/advisories/ocert-2015-012.htmlnvdPatchThird Party AdvisoryVDB Entry
docs.ganeti.org/ganeti/2.10/html/news.htmlnvdRelease NotesVendor Advisory
docs.ganeti.org/ganeti/2.11/html/news.htmlnvdRelease NotesVendor Advisory
docs.ganeti.org/ganeti/2.12/html/news.htmlnvdRelease NotesVendor Advisory
docs.ganeti.org/ganeti/2.13/html/news.htmlnvdRelease NotesVendor Advisory
docs.ganeti.org/ganeti/2.14/html/news.htmlnvdRelease NotesVendor Advisory
docs.ganeti.org/ganeti/2.15/html/news.htmlnvdRelease NotesVendor Advisory
docs.ganeti.org/ganeti/2.9/html/news.htmlnvdRelease NotesVendor Advisory
www.debian.org/security/2016/dsa-3431nvd
www.exploit-db.com/exploits/39169/nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.011
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000