Flask Console Vulnerability in OpenStack Ironic Inspector
CVE-2015-5306

Currently unrated

Key Information:

Vendor: Openstack
Status: Ironic Inspector
Vendor: CVE Published:; 25 November 2015

What is CVE-2015-5306?

When the debug mode is activated in OpenStack Ironic Inspector, a vulnerability can be exploited by remote attackers to access the Flask console, potentially enabling execution of arbitrary Python code. This situation arises during error conditions that may inadvertently expose the debugger interface. Organizations using this product are encouraged to disable debug mode in production environments and apply available patches to mitigate this risk.

References

https://access.redhat.com/errata/RHSA-2015:1929

vendor-advisoryx_refsource_REDHAT

http://rhn.redhat.com/errata/RHSA-2015-2685.html

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=1273698

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2015
Vulnerability Reserved
Jul 1, 2015

Openstack

What is CVE-2015-5306?

References

Timeline