openstack-ironic is vulnerable to information disclosure. An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew (or was able to guess) the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node’s /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node’s full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses.
www.openwall.com/lists/oss-security/2016/06/21/6
access.redhat.com/errata/RHSA-2016:1377
access.redhat.com/errata/RHSA-2016:1378
access.redhat.com/security/cve/CVE-2016-4985
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/ironic/+bug/1572796
bugzilla.redhat.com/show_bug.cgi?id=1346193
review.openstack.org/332195
review.openstack.org/332196
review.openstack.org/332197
rhn.redhat.com/errata/RHSA-2016-1378.html