The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2015:2650 | Vendor Advisory |
https://bugs.launchpad.net/tripleo/+bug/1516027 |
Configurations
History
No history.
Information
Published : 2016-04-11 21:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-5303
Mitre link : CVE-2015-5303
CVE.ORG link : CVE-2015-5303
JSON object : View
Products Affected
openstack
- tripleo_heat_templates
CWE
CWE-254
7PK - Security Features