Lucene search
K

5 matches found

OSV
OSV
added 2016/07/12 7:59 p.m.5 views

DEBIAN-CVE-2016-4985

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

7.5CVSS6.6AI score0.02836EPSS
Exploits0References1
OSV
OSV
added 2016/07/12 7:59 p.m.5 views

UBUNTU-CVE-2016-4985

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

7.5CVSS6.9AI score0.02836EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2016/07/12 12:0 a.m.3 views

PT-2016-6206

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 4.2.5 Liberty OpenStack Ironic versions 5.x prior to 5.1.2 Mitaka Description The issue allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC addre...

7.5CVSS6.9AI score0.02836EPSS
Exploits0References30
RedHat Linux
RedHat Linux
added 2016/07/04 5:49 a.m.6 views

openstack-ironic: Ironic Node information including credentials exposed to unauthenticated users

An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew or was able to...

7.5CVSS5.8AI score0.02836EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/07/04 5:49 a.m.5 views

openstack-ironic: Ironic Node information including credentials exposed to unauthenticated users

An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew or was able to...

7.5CVSS5.8AI score0.02836EPSS
Exploits0References4
Rows per page
Query Builder