CVE-2016-4985

HIGH

OpenStack Ironic < 4.2.5 and 5.x < 5.1.2 - Unauthenticated Sensitive Information Exposure via Vendor Passthru Request

Title source: llm
STIX 2.1

Description

The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.

References (7)

Core 7
Core References
Various Sources x_refsource_confirm
https://review.openstack.org/332197
Vendor Advisory x_refsource_confirm
https://bugs.launchpad.net/ironic/+bug/1572796
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/06/21/6
Various Sources x_refsource_confirm
https://review.openstack.org/332195
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1378
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1377
Various Sources x_refsource_confirm
https://review.openstack.org/332196

Scores

CVSS v3 7.5
EPSS 0.0284
EPSS Percentile 84.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (6)
canonical/openstack_ironic 5.1.0
canonical/openstack_ironic 5.1.1
canonical/openstack_ironic < 4.2.4
pypi/ironic 0 - 4.2.5PyPI
redhat/openstack 7.0
redhat/openstack 8
Published Jul 12, 2016
Tracked Since Feb 18, 2026