Описание
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1:5.1.2-1 |
| cosmic | not-affected | 1:5.1.2-1 |
| devel | not-affected | 1:5.1.2-1 |
| esm-apps/bionic | not-affected | 1:5.1.2-1 |
| esm-apps/xenial | released | 1:5.1.2-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [code not present]] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | not-affected | code not present |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and ...
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor
5 Medium
CVSS2
7.5 High
CVSS3