5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.9 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.8%
The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.
CPE | Name | Operator | Version |
---|---|---|---|
tripleo-heat-templates | lt | 0.8.10 |
access.redhat.com/errata/RHSA-2015:2650
bugs.launchpad.net/tripleo/+bug/1516027
github.com/advisories/GHSA-m94p-8942-pm49
github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c
github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42
nvd.nist.gov/vuln/detail/CVE-2015-5303
opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c
opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.9 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.8%