CVE-2016-4985 — OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor

Description

The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.

How to fix CVE-2016-4985

To remediate CVE-2016-4985, upgrade the affected package to a fixed version below.

—upgrade to 1:5.1.2-1 or later
—upgrade to 4.2.5 or later

Is CVE-2016-4985 being exploited?

Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 1:5.1.2-1
from 0, < 4.2.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (15)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-4985
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2016-4985
PATCHgithub.com/openstack/ironic
WEBaccess.redhat.com/errata/RHSA-2016:1377
WEBaccess.redhat.com