CVE-2015-9543: 
Python vulnerability analysis and mitigation

An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0 that could leak consoleauth tokens into log files. The vulnerability was reported by Paul Carlton from HP and was disclosed on February 19, 2020. The issue affects all Nova setups using novncproxy functionality (OpenStack Advisory).

The vulnerability is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py, where authentication tokens used for console access are being logged at INFO level in the service's logs. The issue received a CVSS 3.1 Base Score of 3.3 (LOW) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (NVD).

An attacker with read access to the service's logs may obtain tokens used for console access. These tokens have a default Time-To-Live (TTL) of 10 minutes and could potentially be used to gain unauthorized access to instance consoles (OSS Security).

The issue has been fixed in multiple OpenStack releases with patches available for Queens, Rocky, Stein, Train, and Ussuri branches. Organizations should upgrade to Nova versions 18.2.4, 19.1.0, or 20.1.0 or later depending on their deployment version. For systems that cannot be immediately upgraded, administrators should restrict access to the nova-novncproxy service logs (OpenStack Advisory).