Medium severity5.9NVD Advisory· Published Jan 15, 2016· Updated Jun 17, 2026
CVE-2015-8749
CVE-2015-8749
Description
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
novaPyPI | >= 12.0.0, < 12.0.1 | 12.0.1 |
Affected products
2Patches
Vulnerability mechanics
References
11- security.openstack.org/ossa/OSSA-2016-002.htmlnvdPatchVendor AdvisoryWEB
- www.openwall.com/lists/oss-security/2016/01/07/8nvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2016/01/07/9nvdMailing ListThird Party AdvisoryWEB
- www.securityfocus.com/bid/80189nvdThird Party AdvisoryVDB EntryWEB
- bugs.launchpad.net/nova/+bug/1516765nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-c36r-g737-9qp8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-8749ghsaADVISORY
- github.com/openstack/nova/commit/8b289237ed6d53738c22878decf0c429301cf3d0ghsaWEB
- github.com/openstack/nova/commit/b2acc9fa864b6fe10bc0c5f3786b976b472b1b27ghsaWEB
- github.com/openstack/nova/commit/cf197ec2d682fb4da777df2291ca7ef101f73b77ghsaWEB
- github.com/openstack/nova/commit/ef1ccdaca9512b88878155f7d8c2c77853d91252ghsaWEB
News mentions
0No linked articles in our index yet.