← back
CVE-2016-4985

CVE-2016-4985

EPSS 2.8%
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2016:1377https://access.redhat.com/errata/RHSA-2016:1378https://bugs.launchpad.net/ironic/+bug/1572796https://review.openstack.org/332195https://review.openstack.org/332196https://review.openstack.org/332197http://www.openwall.com/lists/oss-security/2016/06/21/6