Vulnerabilities > CVE-2015-5303 - 7PK - Security Features vulnerability in Openstack Tripleo Heat Templates

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

openstack

CWE-254

NVD

Published: 2016-04-11

Updated: 2016-04-18

Summary

The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

Vulnerable Configurations

Part	Description	Count
Application	Openstack Openstack Tripleo Heat Templates *	1

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Redhat

advisories

rhsa

id	RHSA-2015:2650

rpms

openstack-tripleo-heat-templates-0:0.8.6-94.el7ost
python-rdomanager-oscplugin-0:0.0.10-22.el7ost

References

https://access.redhat.com/errata/RHSA-2015:2650
https://bugs.launchpad.net/tripleo/+bug/1516027