Remote Spoofing Vulnerability in OpenStack Networking by Red Hat
CVE-2015-5303

7.5HIGH

Key Information:

Vendor: Openstack
Status: Tripleo Heat Templates
Vendor: CVE Published:; 11 April 2016

Summary

The vulnerability in the TripleO Heat templates allows malicious actors to spoof OpenStack Networking metadata requests. By exploiting the default value of the NeutronMetadataProxySharedSecret parameter, attackers can deceive the system into believing their requests are legitimate. This can lead to unauthorized access and manipulation of sensitive metadata within OpenStack deployments, posing risks to cloud infrastructure security.

References

https://access.redhat.com/errata/RHSA-2015:2650

vendor-advisoryx_refsource_REDHAT

https://bugs.launchpad.net/tripleo/+bug/1516027

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2016
Vulnerability Reserved
Jul 1, 2015