Lucene search

[email protected]NVD:CVE-2015-5306

HistoryNov 25, 2015 - 8:59 p.m.

CVE-2015-5306

2015-11-2520:59:06

CWE-254

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.007

Percentile

79.5%

JSON

OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.

Affected configurations

Nvd

Node

openstackironic_inspector

VendorProductVersionCPE
openstackironic_inspector*cpe:2.3:a:openstack:ironic_inspector:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openstack	ironic_inspector	*	cpe:2.3:a:openstack:ironic_inspector::::::::

References

rhn.redhat.com/errata/RHSA-2015-2685.html

access.redhat.com/errata/RHSA-2015:1929

bugs.launchpad.net/ironic-inspector/+bug/1506419

bugzilla.redhat.com/show_bug.cgi?id=1273698

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.007

Percentile

79.5%

JSON

Related for NVD:CVE-2015-5306

debiancve1 openvas1 redhat2 veracode1 osv2 prion1 fedora2 cvelist1 cve1 github1 nessus2