{"id":"CVE-2015-7945","details":"The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.","modified":"2026-04-10T03:46:28.963979Z","published":"2017-08-18T17:29:01Z","references":[{"type":"ADVISORY","url":"http://docs.ganeti.org/ganeti/2.10/html/news.html#version-2-10-8"},{"type":"ADVISORY","url":"http://docs.ganeti.org/ganeti/2.11/html/news.html#version-2-11-8"},{"type":"ADVISORY","url":"http://docs.ganeti.org/ganeti/2.12/html/news.html#version-2-12.6"},{"type":"ADVISORY","url":"http://docs.ganeti.org/ganeti/2.13/html/news.html#version-2-13-3"},{"type":"ADVISORY","url":"http://docs.ganeti.org/ganeti/2.14/html/news.html#version-2-14-2"},{"type":"ADVISORY","url":"http://docs.ganeti.org/ganeti/2.15/html/news.html#version-2-15-2"},{"type":"ADVISORY","url":"http://docs.ganeti.org/ganeti/2.9/html/news.html#version-2-9-7"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3431"},{"type":"ADVISORY","url":"http://www.ocert.org/advisories/ocert-2015-012.html"},{"type":"FIX","url":"http://packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html"},{"type":"FIX","url":"http://www.ocert.org/advisories/ocert-2015-012.html"},{"type":"WEB","url":"https://www.exploit-db.com/exploits/39169/"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}