Описание
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew (or was able to guess) the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | openstack-ironic | Will not fix | ||
| Red Hat OpenStack Platform 10 (Newton) | openstack-ironic | Not affected | ||
| Red Hat OpenStack Platform 9 (Mitaka) | openstack-ironic | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | openstack-ironic | Fixed | RHSA-2016:1377 | 04.07.2016 |
| Red Hat OpenStack Platform 8.0 (Liberty) | openstack-ironic | Fixed | RHSA-2016:1378 | 04.07.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Связанные уязвимости
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and ...
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2