ID CVE-2015-5306
Summary OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.
References
Vulnerable Configurations
  • cpe:2.3:a:openstack:ironic_inspector:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 12-02-2023 - 23:15)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2015:1929
  • rhsa
    id RHSA-2015:2685
rpms
  • openstack-ironic-discoverd-0:1.1.0-8.el7ost
  • openstack-ironic-discoverd-ramdisk-0:1.1.0-8.el7ost
  • python-ironic-discoverd-0:1.1.0-8.el7ost
  • openstack-ironic-discoverd-0:0.2.5-2.el7ost
refmap via4
confirm
Last major update 12-02-2023 - 23:15
Published 25-11-2015 - 20:59
Last modified 12-02-2023 - 23:15