Remote Spoofing Vulnerability in OpenStack Networking by Red Hat
CVE-2015-5303
7.5HIGH
Summary
The vulnerability in the TripleO Heat templates allows malicious actors to spoof OpenStack Networking metadata requests. By exploiting the default value of the NeutronMetadataProxySharedSecret parameter, attackers can deceive the system into believing their requests are legitimate. This can lead to unauthorized access and manipulation of sensitive metadata within OpenStack deployments, posing risks to cloud infrastructure security.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved