5 matches found
DEBIAN-CVE-2016-4985
The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...
UBUNTU-CVE-2016-4985
The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...
PT-2016-6206
Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 4.2.5 Liberty OpenStack Ironic versions 5.x prior to 5.1.2 Mitaka Description The issue allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC addre...
openstack-ironic: Ironic Node information including credentials exposed to unauthenticated users
An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew or was able to...
openstack-ironic: Ironic Node information including credentials exposed to unauthenticated users
An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew or was able to...