The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2015:2650 | Vendor Advisory |
Configurations
History
13 Feb 2023, 00:53
Type | Values Removed | Values Added |
---|---|---|
Summary | The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials. | |
References |
|
02 Feb 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A flaw was found in the director (openstack-tripleo-heat-templates) where the RabbitMQ credentials defaulted to guest/guest and supplied values in the configuration were not used. As a result, all deployed overclouds used the same credentials (guest/guest). A remote non-authenticated attacker could use this flaw to access RabbitMQ services in the deployed cloud. |
Information
Published : 2016-04-11 21:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-5329
Mitre link : CVE-2015-5329
CVE.ORG link : CVE-2015-5329
JSON object : View
Products Affected
redhat
- openstack
CWE
CWE-264
Permissions, Privileges, and Access Controls