CVE-2015-5306

OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
openstackironic_inspector
*
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ironic-inspector
bookworm
11.1.0-2
fixed
bullseye
10.4.1-1
fixed
sid
12.3.0-2
fixed
trixie
12.3.0-2
fixed
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2015-2685.html
https://access.redhat.com/errata/RHSA-2015:1929
https://bugs.launchpad.net/ironic-inspector/+bug/1506419
https://bugzilla.redhat.com/show_bug.cgi?id=1273698
http://rhn.redhat.com/errata/RHSA-2015-2685.html
https://access.redhat.com/errata/RHSA-2015:1929
https://bugs.launchpad.net/ironic-inspector/+bug/1506419
https://bugzilla.redhat.com/show_bug.cgi?id=1273698