Bug 1346193 (CVE-2016-4985)
| Summary: | CVE-2016-4985 openstack-ironic: Ironic Node information including credentials exposed to unauthenticated users | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | abaron, aortega, apevec, ayoung, chrisw, dtantsur, gmollett, jschluet, lhh, lmartins, lpeer, markmc, mburns, rbryant, sclewis, security-response-team, slong, srevivo, tdecacqu |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew (or was able to guess) the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-12-15 05:33:31 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1348038, 1348039, 1348040, 1348041, 1348042, 1348817, 1348818 | | |
| Bug Blocks: | 1346195 | | |
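The Doc Text above describes node records leaving ironic-api with management passwords intact despite a policy.json meant to hide them. As an added example (not code from the Ironic project or from this bug), the Python helper below shows the check a defender would run on a captured API response body: `find_exposed_secrets` lists secret-looking fields that came back unmasked, and `redact_secrets` applies the masking that the fixed service should already have applied. The secret key pattern, the mask value and the sample node record are assumptions made for this example.

```python
import re

# Key names treated as secrets. This pattern is an assumption for the example;
# it covers fields like Ironic's ipmi_password but is not Ironic's own list.
SECRET_KEY_RE = re.compile(r"password|passwd|secret|private_key|token", re.I)
MASK = "******"  # masking value assumed here, not taken from Ironic

# Constructed sample of a full node record as the vulnerable endpoint returned it.
SAMPLE_NODE = {
    "uuid": "1be26c0b-03f2-4d2e-ae87-c02d7f33c123",
    "driver": "pxe_ipmitool",
    "driver_info": {
        "ipmi_address": "10.0.0.42",
        "ipmi_username": "admin",
        "ipmi_password": "hunter2",
    },
    "driver_internal_info": {"agent_secret_token": "s3cr3t"},
    "ports": [{"address": "52:54:00:12:34:56"}],
}


def find_exposed_secrets(obj, path=""):
    """Return dotted paths of secret-looking keys whose value is not masked."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else str(key)
            if isinstance(value, (dict, list)):
                hits.extend(find_exposed_secrets(value, here))
            elif SECRET_KEY_RE.search(str(key)) and value not in (None, "", MASK):
                hits.append(here)
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            hits.extend(find_exposed_secrets(item, f"{path}[{i}]"))
    return hits


def redact_secrets(obj):
    """Return a copy of obj with every secret-looking leaf replaced by MASK."""
    if isinstance(obj, dict):
        out = {}
        for key, value in obj.items():
            if isinstance(value, (dict, list)) or not SECRET_KEY_RE.search(str(key)):
                out[key] = redact_secrets(value)
            else:
                out[key] = MASK if value not in (None, "") else value
        return out
    if isinstance(obj, list):
        return [redact_secrets(item) for item in obj]
    return obj
```

Running `find_exposed_secrets` over a response from a patched ironic-api should return an empty list; any path it reports is a field that policy.json was expected to hide.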
Description
Adam Mariš 2016-06-14 08:56:05 UTC

Acknowledgments:
Name: the OpenStack Ironic project
Upstream: Devananda van der Veen (IBM)

Eric, could you please do a doc text check on this? thanks, Summer

Public via: http://seclists.org/oss-sec/2016/q2/579

Created openstack-ironic tracking bugs for this issue:
Affects: openstack-rdo [bug 1348817]

Created openstack-ironic tracking bugs for this issue:
Affects: fedora-all [bug 1348818]

This issue has been addressed in the following products:
Red Hat OpenStack Platform 8.0 (Liberty)
Via RHSA-2016:1378 https://access.redhat.com/errata/RHSA-2016:1378

This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7
Via RHSA-2016:1377 https://access.redhat.com/errata/RHSA-2016:1377