Description
The TripleO Heat templates (tripleo-heat-templates), when deployed via the command-line interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.
It was discovered that Director's NeutronMetadataProxySharedSecret parameter remained specified at the default value of 'unset'. This value is used by OpenStack Networking to sign instance headers; if unchanged, an attacker knowing the shared secret could use this flaw to spoof OpenStack Networking metadata requests.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 8 (Liberty) Director | python-tripleoclient | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7 | openstack-tripleo-heat-templates | Fixed | RHSA-2015:2650 | 21.12.2015 |
| Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7 | python-rdomanager-oscplugin | Fixed | RHSA-2015:2650 | 21.12.2015 |
Additional information
Status:
EPSS
4.3 Medium
CVSS2
Related vulnerabilities
OpenStack TripleO Heat templates spoof metadata requests