CVE-2016-4985

The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
redhatopenstack
7.0
canonicalopenstack_ironic
𝑥
≤ 4.2.4
canonicalopenstack_ironic
5.1.0
canonicalopenstack_ironic
5.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ironic
bullseye
1:16.0.3-1
fixed
bookworm
1:21.1.0-3
fixed
trixie
1:24.1.1-3
fixed
sid
1:26.1.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ironic
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
Fixed 1:5.1.2-0ubuntu1
released
wily
ignored
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2016/06/21/6
https://access.redhat.com/errata/RHSA-2016:1377
https://access.redhat.com/errata/RHSA-2016:1378
https://bugs.launchpad.net/ironic/+bug/1572796
https://review.openstack.org/332195
https://review.openstack.org/332196
https://review.openstack.org/332197
http://www.openwall.com/lists/oss-security/2016/06/21/6
https://access.redhat.com/errata/RHSA-2016:1377
https://access.redhat.com/errata/RHSA-2016:1378
https://bugs.launchpad.net/ironic/+bug/1572796
https://review.openstack.org/332195
https://review.openstack.org/332196
https://review.openstack.org/332197