CVE-2016-4985

EUVD-2022-3715
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
redhatopenstack
7.0
canonicalopenstack_ironic
𝑥
≤ 4.2.4
canonicalopenstack_ironic
5.1.0
canonicalopenstack_ironic
5.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ironic
bookworm
1:21.1.0-3
fixed
bullseye
1:16.0.3-1
fixed
sid
1:26.1.1-1
fixed
trixie
1:24.1.1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ironic
artful
ignored
bionic
not-affected
cosmic
not-affected
precise
dne
trusty
dne
wily
ignored
xenial
Fixed 1:5.1.2-0ubuntu1
released
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2016/06/21/6
https://access.redhat.com/errata/RHSA-2016:1377
https://access.redhat.com/errata/RHSA-2016:1378
https://bugs.launchpad.net/ironic/+bug/1572796
https://review.openstack.org/332195
https://review.openstack.org/332196
https://review.openstack.org/332197
http://www.openwall.com/lists/oss-security/2016/06/21/6
https://access.redhat.com/errata/RHSA-2016:1377
https://access.redhat.com/errata/RHSA-2016:1378
https://bugs.launchpad.net/ironic/+bug/1572796
https://review.openstack.org/332195
https://review.openstack.org/332196
https://review.openstack.org/332197