Lucene search
PRIOn knowledge basePRION:CVE-2016-4985HistoryJul 12, 2016 - 7:59 p.m.
Code injection
2016-07-1219:59:00
PRIOn knowledge base
www.prio-n.com
1
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openstack_ironic | le | 4.2.4 | |
| openstack_ironic | eq | 5.1.1 | |
| openstack_ironic | eq | 5.1.0 | |
| openstack | eq | 7.0 | |
| openstack | eq | 8 |
Related
redhat
redhat
(RHSA-2016:1377) Moderate: openstack-ironic security update
2016-07-04 05:39:46
(RHSA-2016:1378) Moderate: openstack-ironic security update
2016-07-04 05:39:51
cve
cve
CVE-2016-4985
2016-07-12 19:59:04
redhatcve
redhatcve
CVE-2016-4985
2016-06-22 07:48:50
veracode
veracode
Information Disclosure
2019-01-15 09:12:02
debiancve
debiancve
CVE-2016-4985
2016-07-12 19:59:04
cvelist
cvelist
CVE-2016-4985
2016-07-12 19:00:00
nvd
nvd
CVE-2016-4985
2016-07-12 19:59:04
github
github
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor
2022-05-13 01:07:34
ubuntucve
ubuntucve
CVE-2016-4985
2016-07-12 00:00:00