CVE-2020-10755 — Insufficiently Protected Credentials in Redhat Openstack-cinder
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 59.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 10
Latest updateMay 24
Description
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the ``connection_info`` element in all Block Storage v3 Attachments API calls containing that element. This flaw e…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages4 packages
▶CVEListV5red_hat/openstack-cinderall openstack-cinder 15.x.x versions before openstack-cinder 15.2.0, all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0, all openstack-cinder versions before openstack-cinder 14.1.0+2
Also affects: Ubuntu Linux 18.04, 20.04