{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-07T00:00:00", "descriptions": [{"lang": "en", "value": "The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-07-22T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2015:0791", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0791.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201875"}, {"name": "74049", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74049"}, {"name": "RHSA-2015:0831", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0831.html"}, {"name": "RHSA-2015:0832", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0832.html"}, {"name": "RHSA-2015:0789", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0789.html"}, {"name": "RHSA-2015:0830", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0830.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:54:16.298Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:0791", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0791.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201875"}, {"name": "74049", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74049"}, {"name": "RHSA-2015:0831", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0831.html"}, {"name": "RHSA-2015:0832", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0832.html"}, {"name": "RHSA-2015:0789", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0789.html"}, {"name": "RHSA-2015:0830", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0830.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1842", "datePublished": "2015-04-10T14:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.298Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3B3DE0C-0957-4D40-84FE-D018F9940AC1", "versionEndIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors."}, {"lang": "es", "value": "Puppet Manifests en el paquete openstack-puppet-modules de Red Hat anterior a 2014.2.13-2 utiliza una contrase\u00f1o por defecto de CHANGEME para el demonio pcsd, lo que permite a atacantes remotos ejecutar comandos de shell arbitrarios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-1842", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-10T15:00:02.007", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0789.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0791.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0830.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0831.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0832.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/74049"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201875"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0789.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0791.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0830.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0831.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0832.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/74049"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201875"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Alessandro Vozza (Red Hat).", "affected_release": [{"advisory": "RHSA-2015:0830", "cpe": "cpe:/a:redhat:openstack-installer:5::el6", "package": "augeas-0:1.0.0-7.el6_6.1", "product_name": "OpenStack Foreman for RHEL 6", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0830", "cpe": "cpe:/a:redhat:openstack-installer:5::el6", "package": "openstack-foreman-installer-0:2.0.34-1.el6ost", "product_name": "OpenStack Foreman for RHEL 6", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0830", "cpe": "cpe:/a:redhat:openstack-installer:5::el6", "package": "openstack-puppet-modules-0:2014.1.2-1.el6ost", "product_name": "OpenStack Foreman for RHEL 6", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0830", "cpe": "cpe:/a:redhat:openstack-installer:5::el6", "package": "rhel-osp-installer-1:0.4.7-2.el6ost", "product_name": "OpenStack Foreman for RHEL 6", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0830", "cpe": "cpe:/a:redhat:openstack-installer:5::el6", "package": "ruby193-rubygem-staypuft-0:0.4.15-1.el6ost", "product_name": "OpenStack Foreman for RHEL 6", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0832", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "openstack-packstack-0:2014.1.1-0.46.dev1280.el6ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0832", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "openstack-puppet-modules-0:2014.1.2-1.el6ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0831", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "openstack-packstack-0:2014.1.1-0.46.dev1280.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0831", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "openstack-puppet-modules-0:2014.1.2-1.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0791", "cpe": "cpe:/a:redhat:openstack-installer:6::el7", "package": "foreman-discovery-image-0:7.0-20150227.0.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 Installer", "release_date": "2015-04-07T00:00:00Z"}, {"advisory": "RHSA-2015:0791", "cpe": "cpe:/a:redhat:openstack-installer:6::el7", "package": "foreman-proxy-0:1.6.0.30-6.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 Installer", "release_date": "2015-04-07T00:00:00Z"}, {"advisory": "RHSA-2015:0791", "cpe": "cpe:/a:redhat:openstack-installer:6::el7", "package": "openstack-foreman-installer-0:3.0.22-1.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 Installer", "release_date": "2015-04-07T00:00:00Z"}, {"advisory": "RHSA-2015:0791", "cpe": "cpe:/a:redhat:openstack-installer:6::el7", "package": "openstack-puppet-modules-0:2014.2.13-2.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 Installer", "release_date": "2015-04-07T00:00:00Z"}, {"advisory": "RHSA-2015:0791", "cpe": "cpe:/a:redhat:openstack-installer:6::el7", "package": "rhel-osp-installer-1:0.5.7-1.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 Installer", "release_date": "2015-04-07T00:00:00Z"}, {"advisory": "RHSA-2015:0791", "cpe": "cpe:/a:redhat:openstack-installer:6::el7", "package": "ruby193-rubygem-staypuft-0:0.5.22-1.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 Installer", "release_date": "2015-04-07T00:00:00Z"}, {"advisory": "RHSA-2015:0789", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "openstack-packstack-0:2014.2-0.20.dev1467.g70c9655.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2015-04-07T00:00:00Z"}, {"advisory": "RHSA-2015:0789", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "openstack-puppet-modules-0:2014.2.13-2.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2015-04-07T00:00:00Z"}], "bugzilla": {"description": "openstack-puppet-modules: pacemaker configured with default password", "id": "1201875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201875"}, "csaw": false, "cvss": {"cvss_base_score": "9.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-798", "details": ["The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.", "It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root."], "name": "CVE-2015-1842", "package_state": [{"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Affected", "package_name": "openstack-foreman-installer", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Affected", "package_name": "openstack-puppet-modules", "product_name": "Red Hat OpenStack Platform 4"}], "public_date": "2015-03-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1842\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1842"], "statement": "Red Hat Product Security has rated this issue as having Important security impact, a future update will address the flaw.\nAs a mitigation against this issue, any system deployed using the affected component should have the 'hacluster' password changed before being placed into production or on an untrusted network.\nAn article with more detailed information is available to customers here:\nhttps://access.redhat.com/articles/1396123", "threat_severity": "Important"}

{}