CVE-2015-5306 - Vulnerability Details

Vendors	Products
Openstack	Ironic Inspector
Redhat	Openstack Openstack-director

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7
openstack-ironic-discoverd-0:0.2.5-2.el7ost	cpe:/a:redhat:openstack:6::el7	RHSA-2015:2685	2015-12-21T00:00:00Z
Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7
openstack-ironic-discoverd-0:1.1.0-8.el7ost	cpe:/a:redhat:openstack-director:7::el7	RHSA-2015:1929	2015-10-22T00:00:00Z

Link	Providers
http://rhn.redhat.com/errata/RHSA-2015-2685.html
https://access.redhat.com/errata/RHSA-2015:1929
https://bugs.launchpad.net/ironic-inspector/+bug/1506419
https://bugzilla.redhat.com/show_bug.cgi?id=1273698
https://nvd.nist.gov/vuln/detail/CVE-2015-5306
https://www.cve.org/CVERecord?id=CVE-2015-5306

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-10-22T00:00:00", "descriptions": [{"lang": "en", "value": "OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2015:1929", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2015:1929"}, {"name": "RHSA-2015:2685", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2685.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ironic-inspector/+bug/1506419"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:41:09.264Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:1929", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2015:1929"}, {"name": "RHSA-2015:2685", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2685.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/ironic-inspector/+bug/1506419"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5306", "datePublished": "2015-11-25T20:00:00", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2024-08-06T06:41:09.264Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-10-22T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-12-05T14:57:01 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

name : RHSA-2015:1929 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2015:1929 (string)

}

1 : { »

name : RHSA-2015:2685 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-2685.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1273698 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugs.launchpad.net/ironic-inspector/+bug/1506419 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T06:41:09.264Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : RHSA-2015:1929 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2015:1929 (string)

}

1 : { »

name : RHSA-2015:2685 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-2685.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1273698 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugs.launchpad.net/ironic-inspector/+bug/1506419 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2015-5306 (string)

datePublished : 2015-11-25T20:00:00 (string)

dateReserved : 2015-07-01T00:00:00 (string)

dateUpdated : 2024-08-06T06:41:09.264Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:ironic_inspector:*:*:*:*:*:*:*:*", "matchCriteriaId": "95F96F39-A887-4A85-A241-DD55138418C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error."}, {"lang": "es", "value": "OpenStack Ironic Inspector (tambi\u00e9n conocido como ironic-inspector o ironic-discoverd), cuando el modo depurardor est\u00e1 habilitado, podr\u00eda permitir a atacantes remotos acceder a la consola Flask y ejecutar c\u00f3digo Python arbitrario desencadenando un error."}], "id": "CVE-2015-5306", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-25T20:59:06.273", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-2685.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2015:1929"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://bugs.launchpad.net/ironic-inspector/+bug/1506419"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-2685.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2015:1929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://bugs.launchpad.net/ironic-inspector/+bug/1506419"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:openstack:ironic_inspector:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 95F96F39-A887-4A85-A241-DD55138418C6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error. (string)

}

1 : { »

lang : es (string)

value : OpenStack Ironic Inspector (también conocido como ironic-inspector o ironic-discoverd), cuando el modo depurardor está habilitado, podría permitir a atacantes remotos acceder a la consola Flask y ejecutar código Python arbitrario desencadenando un error. (string)

}

]

id : CVE-2015-5306 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-11-25T20:59:06.273 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

url : http://rhn.redhat.com/errata/RHSA-2015-2685.html (string)

}

1 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2015:1929 (string)

}

2 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://bugs.launchpad.net/ironic-inspector/+bug/1506419 (string)

}

3 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1273698 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2015-2685.html (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2015:1929 (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://bugs.launchpad.net/ironic-inspector/+bug/1506419 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1273698 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-254 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2015:2685", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "openstack-ironic-discoverd-0:0.2.5-2.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2015-12-21T00:00:00Z"}, {"advisory": "RHSA-2015:1929", "cpe": "cpe:/a:redhat:openstack-director:7::el7", "package": "openstack-ironic-discoverd-0:1.1.0-8.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7", "release_date": "2015-10-22T00:00:00Z"}], "bugzilla": {"description": "openstack-ironic-discoverd: potential remote code execution with debug mode enabled", "id": "1273698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"}, "csaw": false, "cvss": {"cvss_base_score": "6.0", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-749", "details": ["OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.", "It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was  in debug mode, a user experiencing an error might be able to access the debug console (effectively, a command shell)."], "name": "CVE-2015-5306", "public_date": "2015-10-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-5306\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5306"], "threat_severity": "Important"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2015:2685 (string)

cpe : cpe:/a:redhat:openstack:6::el7 (string)

package : openstack-ironic-discoverd-0:0.2.5-2.el7ost (string)

product_name : Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 (string)

release_date : 2015-12-21T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2015:1929 (string)

cpe : cpe:/a:redhat:openstack-director:7::el7 (string)

package : openstack-ironic-discoverd-0:1.1.0-8.el7ost (string)

product_name : Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7 (string)

release_date : 2015-10-22T00:00:00Z (string)

}

]

bugzilla : { »

description : openstack-ironic-discoverd: potential remote code execution with debug mode enabled (string)

id : 1273698 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1273698 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 6.0 (string)

cvss_scoring_vector : AV:N/AC:M/Au:S/C:P/I:P/A:P (string)

status : verified (string)

}

cwe : CWE-749 (string)

details : [ »

0 : OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error. (string)

1 : It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console (effectively, a command shell). (string)

]

name : CVE-2015-5306 (string)

public_date : 2015-10-15T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2015-5306 https://nvd.nist.gov/vuln/detail/CVE-2015-5306 (string)

]

threat_severity : Important (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object