CVE-2015-5306: Injection vulnerability that affects ironic-discoverd
OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.
References
- access.redhat.com/errata/RHSA-2015:1929
- access.redhat.com/errata/RHSA-2015:2685
- access.redhat.com/security/cve/CVE-2015-5306
- bugs.launchpad.net/ironic-inspector/+bug/1506419
- bugzilla.redhat.com/show_bug.cgi?id=1273698
- github.com/advisories/GHSA-x64g-wjmw-w328
- github.com/pypa/advisory-database/tree/main/vulns/ironic-inspector/PYSEC-2015-28.yaml
- nvd.nist.gov/vuln/detail/CVE-2015-5306
- opendev.org/openstack/ironic-inspector
- opendev.org/openstack/ironic-inspector/commit/2c64da2bee6eeea27c08eb7a94894feaa5494910
- opendev.org/openstack/ironic-inspector/commit/77d0052c5133034490386fbfadfdb1bdb49aa44f