CVE-2016-4985
HIGHOpenStack Ironic < 4.2.5 and 5.x < 5.1.2 - Unauthenticated Sensitive Information Exposure via Vendor Passthru Request
Title source: llmDescription
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
References (7)
Core 7
Core References
Various Sources x_refsource_confirm
https://review.openstack.org/332197
Vendor Advisory x_refsource_confirm
https://bugs.launchpad.net/ironic/+bug/1572796
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/06/21/6
Various Sources x_refsource_confirm
https://review.openstack.org/332195
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1378
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1377
Various Sources x_refsource_confirm
https://review.openstack.org/332196
Scores
CVSS v3
7.5
EPSS
0.0284
EPSS Percentile
84.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (6)
canonical/openstack_ironic
5.1.0
canonical/openstack_ironic
5.1.1
canonical/openstack_ironic
< 4.2.4
pypi/ironic
0 - 4.2.5PyPI
redhat/openstack
7.0
redhat/openstack
8
Published
Jul 12, 2016
Tracked Since
Feb 18, 2026