{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-10-22T00:00:00", "descriptions": [{"lang": "en", "value": "OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2015:1929", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2015:1929"}, {"name": "RHSA-2015:2685", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2685.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ironic-inspector/+bug/1506419"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:41:09.264Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:1929", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2015:1929"}, {"name": "RHSA-2015:2685", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2685.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/ironic-inspector/+bug/1506419"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5306", "datePublished": "2015-11-25T20:00:00", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2024-08-06T06:41:09.264Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:ironic_inspector:*:*:*:*:*:*:*:*", "matchCriteriaId": "95F96F39-A887-4A85-A241-DD55138418C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error."}, {"lang": "es", "value": "OpenStack Ironic Inspector (tambi\u00e9n conocido como ironic-inspector o ironic-discoverd), cuando el modo depurardor est\u00e1 habilitado, podr\u00eda permitir a atacantes remotos acceder a la consola Flask y ejecutar c\u00f3digo Python arbitrario desencadenando un error."}], "id": "CVE-2015-5306", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-25T20:59:06.273", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-2685.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2015:1929"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://bugs.launchpad.net/ironic-inspector/+bug/1506419"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-2685.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2015:1929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://bugs.launchpad.net/ironic-inspector/+bug/1506419"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:2685", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "openstack-ironic-discoverd-0:0.2.5-2.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2015-12-21T00:00:00Z"}, {"advisory": "RHSA-2015:1929", "cpe": "cpe:/a:redhat:openstack-director:7::el7", "package": "openstack-ironic-discoverd-0:1.1.0-8.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7", "release_date": "2015-10-22T00:00:00Z"}], "bugzilla": {"description": "openstack-ironic-discoverd: potential remote code execution with debug mode enabled", "id": "1273698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"}, "csaw": false, "cvss": {"cvss_base_score": "6.0", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-749", "details": ["OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.", "It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console (effectively, a command shell)."], "name": "CVE-2015-5306", "public_date": "2015-10-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-5306\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5306"], "threat_severity": "Important"}

{}