Remote Spoofing Vulnerability in OpenStack Networking by Red Hat
CVE-2015-5303

7.5HIGH

Key Information:

Vendor
Openstack
Vendor
CVE Published:
11 April 2016

Summary

The vulnerability in the TripleO Heat templates allows malicious actors to spoof OpenStack Networking metadata requests. By exploiting the default value of the NeutronMetadataProxySharedSecret parameter, attackers can deceive the system into believing their requests are legitimate. This can lead to unauthorized access and manipulation of sensitive metadata within OpenStack deployments, posing risks to cloud infrastructure security.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.