{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-06-21T00:00:00", "descriptions": [{"lang": "en", "value": "The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-07-12T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://review.openstack.org/332197"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ironic/+bug/1572796"}, {"name": "[oss-security] 20160621 Ironic node information including credentials exposed to unathenticated users", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/06/21/6"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://review.openstack.org/332195"}, {"name": "RHSA-2016:1378", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:1378"}, {"name": "RHSA-2016:1377", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:1377"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://review.openstack.org/332196"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:46:39.912Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://review.openstack.org/332197"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/ironic/+bug/1572796"}, {"name": "[oss-security] 20160621 Ironic node information including credentials exposed to unathenticated users", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/21/6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://review.openstack.org/332195"}, {"name": "RHSA-2016:1378", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:1378"}, {"name": "RHSA-2016:1377", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:1377"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://review.openstack.org/332196"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-4985", "datePublished": "2016-07-12T19:00:00", "dateReserved": "2016-05-24T00:00:00", "dateUpdated": "2024-08-06T00:46:39.912Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:openstack_ironic:*:*:*:*:*:*:*:*", "matchCriteriaId": "7360655B-73F8-4038-AB31-C3CD63E1E2A9", "versionEndIncluding": "4.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:openstack_ironic:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A43B48F-A7B8-4988-8B1A-03710932128C", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:openstack_ironic:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "80295C5F-6219-47E8-BB4B-15B203686C0B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource."}, {"lang": "es", "value": "El servicio ironic-api en OpenStack Ironic en versiones anteriores a 4.2.5 (Liberty) y 5.x en versiones anteriores a 5.1.2 (Mitaka) permite a atacantes remotos obtener informaci\u00f3n sensible sobre un nodo registro aprovechando el conocimiento de la direcci\u00f3n MAC de una tarjeta de red que pertenece a ese nodo y enviar una petici\u00f3n POST manipulada para el recurso v1/drivers/$DRIVER_NAME/vendor_passthru."}], "id": "CVE-2016-4985", "lastModified": "2023-02-12T23:22:27.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-07-12T19:59:04.303", "references": [{"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2016/06/21/6"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2016:1377"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2016:1378"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://bugs.launchpad.net/ironic/+bug/1572796"}, {"source": "secalert@redhat.com", "url": "https://review.openstack.org/332195"}, {"source": "secalert@redhat.com", "url": "https://review.openstack.org/332196"}, {"source": "secalert@redhat.com", "url": "https://review.openstack.org/332197"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the OpenStack Ironic project for reporting this issue. Upstream acknowledges Devananda van der Veen (IBM) as the original reporter.", "affected_release": [{"advisory": "RHSA-2016:1377", "cpe": "cpe:/a:redhat:openstack:7::el7", "package": "openstack-ironic-0:2015.1.2-4.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", "release_date": "2016-07-04T00:00:00Z"}, {"advisory": "RHSA-2016:1378", "cpe": "cpe:/a:redhat:openstack:8::el7", "package": "openstack-ironic-1:4.2.5-1.el7ost", "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", "release_date": "2016-07-04T00:00:00Z"}], "bugzilla": {"description": "openstack-ironic: Ironic Node information including credentials exposed to unauthenticated users", "id": "1346193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346193"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-290", "details": ["The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.", "An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew (or was able to guess) the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses."], "name": "CVE-2016-4985", "package_state": [{"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Will not fix", "package_name": "openstack-ironic", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "openstack-ironic", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Not affected", "package_name": "openstack-ironic", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}], "public_date": "2016-06-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-4985\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4985"], "threat_severity": "Moderate"}