Bug 1348817 - CVE-2016-4985 openstack-ironic: Ironic Node information including credentials exposed to unauthenticated users [openstack-rdo]
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: RDO
Classification: Community
Component: openstack-ironic
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: trunk
Assignee: Alan Pevec
QA Contact: Toure Dunnon
URL:
Whiteboard:
Depends On:
Blocks: CVE-2016-4985
Reported: 2016-06-22 07:21 UTC by Adam Mariš
Modified: 2017-06-18 07:38 UTC

Fixed In Version: openstack-ironic-4.2.5-1.el7 openstack-ironic-5.1.2-1.el7
Clone Of:
Environment:
Last Closed: 2017-06-18 07:38:42 UTC
Embargoed:


Description Adam Mariš 2016-06-22 07:21:04 UTC
This is an RDO Project security tracking bug against openstack-ironic. It was created
to ensure that one or more security vulnerabilities are fixed.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

[bug automatically created by: add-tracking-bugs]

Comment 1 Dmitry Tantsur 2016-06-22 10:57:33 UTC
Hi Alan!

Could you please rebase Ironic on all supported branches to fix this CVE? The versions are: Liberty - 4.2.5, Mitaka - 5.1.2, Newton - 6.0.0 (probably not needed).

Comment 2 Alan Pevec 2016-06-22 14:42:09 UTC
Newton is continuously built in RDO Trunk master repo, I'll build liberty and newton in CBS.
