CVE-2016-4985 – openstack-ironic: Ironic Node information including credentials exposed to unauthenticated users

https://notcve.org/view.php?id=CVE-2016-4985

The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource. El servicio ironic-api en OpenStack Ironic en versiones anteriores a 4.2.5 (Liberty) y 5.x en versiones anteriores a 5.1.2 (Mitaka) permite a atacantes remotos obtener información sensible sobre un nodo registro aprovechando el conocimiento de la dirección MAC de una tarjeta de red que pertenece a ese nodo y enviar una petición POST manipulada para el recurso v1/drivers/$DRIVER_NAME/vendor_passthru. An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew (or was able to guess) the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. • http://www.openwall.com/lists/oss-security/2016/06/21/6 https://access.redhat.com/errata/RHSA-2016:1377 https://access.redhat.com/errata/RHSA-2016:1378 https://bugs.launchpad.net/ironic/+bug/1572796 https://review.openstack.org/332195 https://review.openstack.org/332196 https://review.openstack.org/332197 https://access.redhat.com/security/cve/CVE-2016-4985 https://bugzilla.redhat.com/show_bug.cgi?id=1346193 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-290: Authentication Bypass by Spoofing •