cve/2015/CVE-2015-7945.md

### [CVE-2015-7945](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7945)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.

### POC

#### Reference
- http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html
- https://www.exploit-db.com/exploits/39169/

#### Github
- https://github.com/ARPSyndicate/cvemon
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2015-7945](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7945)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html`
			`- https://www.exploit-db.com/exploits/39169/`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`