How severe is CVE-2020-10755?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2020-10755?

This is classified as CWE-522, which is a common weakness in software security.

CVE-2020-10755 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the ``connection_info`` element in all Block Storage v3 Attachments API calls containing that element. This flaw enables an end-user to create a volume, make an API call to show the attachment detail information, and retrieve a username and password that may be used to connect to another user's volume. Additionally, these credentials are valid for the ScaleIO or VxFlex OS Management API, should an attacker discover the Management API endpoint. Source: OpenStack project

Related Vulnerabilities

CVE-2017-18695

MEDIUM

CVSS:6.5(Medium)

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user's credentials, during an email ...

CWE-5222017

CVE-2018-17871

MEDIUM

CVSS:6.5(Medium)

Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control.

CWE-5222018

CVE-2018-21031

MEDIUM

CVSS:6.5(Medium)

Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initi...

CWE-5222018

CVE-2019-1003045

MEDIUM

CVSS:6.5(Medium)

A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token...

CWE-5222019

CVE-2019-1003096

MEDIUM

CVSS:6.5(Medium)

Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file syst...

CWE-5222019

CVE-2019-1003097

MEDIUM

CVSS:6.5(Medium)

Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file syste...

CWE-5222019