GitHub Advisory DatabaseGHSA-M94P-8942-PM49OpenStack TripleO Heat templates spoof metadata requests
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.9 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.8%
The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| tripleo-heat-templates | lt | 0.8.10 |
References
access.redhat.com/errata/RHSA-2015:2650
bugs.launchpad.net/tripleo/+bug/1516027
github.com/advisories/GHSA-m94p-8942-pm49
github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c
github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42
nvd.nist.gov/vuln/detail/CVE-2015-5303
opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c
opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.9 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.8%