Red Hat, Inc. (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Red Hat, Inc. AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.

An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew (or was able to guess) the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses.

https://access.redhat.com/security/cve/CVE-2016-4985 [No Types Assigned]

https://bugzilla.redhat.com/show_bug.cgi?id=1346193 [No Types Assigned]