The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2015:2650 | Vendor Advisory |
https://bugs.launchpad.net/tripleo/+bug/1516027 | |
https://access.redhat.com/errata/RHSA-2015:2650 | Vendor Advisory |
https://bugs.launchpad.net/tripleo/+bug/1516027 |
Configurations
History
21 Nov 2024, 02:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/errata/RHSA-2015:2650 - Vendor Advisory | |
References | () https://bugs.launchpad.net/tripleo/+bug/1516027 - |
Information
Published : 2016-04-11 21:59
Updated : 2024-11-21 02:32
NVD link : CVE-2015-5303
Mitre link : CVE-2015-5303
CVE.ORG link : CVE-2015-5303
JSON object : View
Products Affected
openstack
- tripleo_heat_templates
CWE
CWE-254
7PK - Security Features