The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
04 Aug 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:* |
Information
Published : 2016-07-12 19:59
Updated : 2024-02-04 18:53
NVD link : CVE-2016-4985
Mitre link : CVE-2016-4985
CVE.ORG link : CVE-2016-4985
JSON object : View
Products Affected
redhat
- openstack
canonical
- openstack_ironic
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor