{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7945", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8", "refsource": "CONFIRM", "url": "http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8" }, { "name": "http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6", "refsource": "CONFIRM", "url": "http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6" }, { "name": "DSA-3431", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3431" }, { "name": "http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3", "refsource": "CONFIRM", "url": "http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3" }, { "name": "http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2", "refsource": "CONFIRM", "url": "http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2" }, { "name": "http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html" }, { "name": "39169", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/39169/" }, { "name": "http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7", "refsource": "CONFIRM", "url": "http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7" }, { "name": "http://www.ocert.org/advisories/ocert-2015-012.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2015-012.html" }, { "name": "http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8", "refsource": "CONFIRM", "url": "http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8" }, { "name": "http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2", "refsource": "CONFIRM", "url": "http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2" } ] } }