The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2016-07-12T19:00:00
Updated: 2016-07-12T18:57:01
Reserved: 2016-05-24T00:00:00
Link: CVE-2016-4985
JSON object: View
NVD Information
Status : Modified
Published: 2016-07-12T19:59:04.303
Modified: 2023-02-12T23:22:27.617
Link: CVE-2016-4985
JSON object: View
Redhat Information
No data.
CWE