Описание
OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.
It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console (effectively, a command shell).
Дополнительная информация
Статус:
6 Medium
CVSS2
Связанные уязвимости
OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.
OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), ...
Injection vulnerability that affects ironic-discoverd
6 Medium
CVSS2