What is the severity of CVE-2016-4985?

CVE-2016-4985 is considered a critical vulnerability due to the ability for an unauthenticated client to access sensitive information about registered nodes.

How do I fix CVE-2016-4985?

To fix CVE-2016-4985, upgrade the Ironic package to version 5.1.2 or 4.2.5 or later.

Who is affected by CVE-2016-4985?

CVE-2016-4985 affects users of Redhat Openstack versions 7.0 and 8, as well as Canonical Openstack Ironic versions up to 4.2.4 and specific 5.1.0 and 5.1.1 versions.

What type of attack does CVE-2016-4985 enable?

CVE-2016-4985 enables unauthorized users to bypass Keystone authentication and retrieve sensitive information about nodes.

What components of Openstack are impacted by CVE-2016-4985?

CVE-2016-4985 impacts the ironic-api service within Openstack.

Vulnerability/
CVE-2016-4985

high

7.5

CWE

200

14/6/2016

12/7/2016

13/5/2022

6/8/2024

CVE-2016-4985: Infoleak

First published: Tue Jun 14 2016(Updated: )

A client with network access to the ironic-api service can bypass Keystone authentication and retrieve all information about any Node registered with Ironic, if they know (or are able to guess) the MAC address of a network card belonging to that Node, by sending a crafted POST request to the /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response will include the full Node details, including management passwords, even when /etc/ironic/policy.json is configured to hide passwords in API responses. This vulnerability has been verified in all currently supported branches (liberty, mitaka, master) and traced back to code introduced in commit 3e568fbbbcc5748035c1448a0bdb26306470797c during the Juno development cycle. Therefore, it is likely that both juno and kilo branches (and their releases) are also affected. Affected versions: >=2014.2, >=4.0.0 <=4.2.4, >=4.3.0 <=5.1.1

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
pip/ironic	>=5.0<5.1.2	5.1.2
pip/ironic	<4.2.5	4.2.5
Red Hat OpenStack for IBM Power	=7.0
Red Hat OpenStack for IBM Power	=8
OpenStack Ironic	<=4.2.4
OpenStack Ironic	=5.1.0
OpenStack Ironic	=5.1.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-4985?
CVE-2016-4985 is considered a critical vulnerability due to the ability for an unauthenticated client to access sensitive information about registered nodes.
How do I fix CVE-2016-4985?
To fix CVE-2016-4985, upgrade the Ironic package to version 5.1.2 or 4.2.5 or later.
Who is affected by CVE-2016-4985?
CVE-2016-4985 affects users of Redhat Openstack versions 7.0 and 8, as well as Canonical Openstack Ironic versions up to 4.2.4 and specific 5.1.0 and 5.1.1 versions.
What type of attack does CVE-2016-4985 enable?
CVE-2016-4985 enables unauthorized users to bypass Keystone authentication and retrieve sensitive information about nodes.
What components of Openstack are impacted by CVE-2016-4985?
CVE-2016-4985 impacts the ironic-api service within Openstack.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-4985
collector/github-advisory-latest
source/GitHub
alias/GHSA-f7cr-7c2c-fm8r
agent/software-canonical-lookup
agent/references
agent/severity
agent/weakness
agent/description
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/author
agent/tags
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/pip
vendor/redhat
canonical/red hat openstack for ibm power
version/red hat openstack for ibm power/7.0
version/red hat openstack for ibm power/8
vendor/canonical
canonical/openstack ironic
version/openstack ironic/4.2.4
version/openstack ironic/5.1.0
version/openstack ironic/5.1.1