CVE-2015-5306: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If an error was raised while Flask was in debug mode, the user who triggered it might be able to reach Flask's interactive debug console, which is effectively a command shell on the host.
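The configuration pattern behind this bug and its fix, as an added example that is not code from ironic-inspector or from its actual fix commit. The `ServiceConfig` class, the function names, the sample log lines and the port are assumptions constructed for illustration; the Flask `run()` option names and the Werkzeug startup messages are the real ones.

```python
import logging
import re

LOG = logging.getLogger("ironic_inspector")


class ServiceConfig:
    """Constructed stand-in for the service's config (real code uses oslo.config)."""

    def __init__(self, debug: bool, host: str = "127.0.0.1", port: int = 5050):
        self.debug = debug
        self.host = host
        self.port = port


def run_kwargs_vulnerable(conf: ServiceConfig) -> dict:
    # Pre-fix pattern: the service's own debug flag is handed straight to
    # Flask. Flask's run() then defaults use_debugger (and use_reloader) to
    # that value, so "verbose logging" silently becomes "in-browser console".
    return {"host": conf.host, "port": conf.port, "debug": conf.debug}


def run_kwargs_hardened(conf: ServiceConfig) -> dict:
    # Post-fix pattern: the flag only drives log verbosity. Flask debug mode
    # and the Werkzeug interactive debugger are pinned off regardless of it.
    LOG.setLevel(logging.DEBUG if conf.debug else logging.INFO)
    return {"host": conf.host, "port": conf.port, "debug": False,
            "use_debugger": False, "use_reloader": False}


def interactive_debugger_exposed(run_kwargs: dict) -> bool:
    # Mirrors Flask.run(): use_debugger defaults to the value of debug
    # unless it is passed explicitly.
    debug = bool(run_kwargs.get("debug", False))
    return bool(run_kwargs.get("use_debugger", debug))


# Werkzeug prints these lines at startup when its debugger is enabled;
# seeing either in a production service log is a finding worth paging on.
_DEBUGGER_MARKERS = re.compile(r"Debugger is active!|Debugger PIN:")


def debugger_active_in_log(lines) -> bool:
    return any(_DEBUGGER_MARKERS.search(line) for line in lines)


# Constructed sample of what the startup log looks like with the bug present.
SAMPLE_LOG = [
    " * Running on http://0.0.0.0:5050/ (Press CTRL+C to quit)",
    " * Debugger is active!",
    " * Debugger PIN: 123-456-789",
]
```

Checking `interactive_debugger_exposed()` on the kwargs you are about to pass to `app.run()` is a cheap startup-time guard; scanning the service log for the markers catches deployments where the fix never landed.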
References
- rhn.redhat.com/errata/RHSA-2015-2685.html
- access.redhat.com/errata/RHSA-2015:1929
- access.redhat.com/errata/RHSA-2015:2685
- access.redhat.com/security/cve/CVE-2015-5306
- bugs.launchpad.net/ironic-inspector/+bug/1506419
- bugzilla.redhat.com/show_bug.cgi?id=1273698
- github.com/advisories/GHSA-x64g-wjmw-w328
- nvd.nist.gov/vuln/detail/CVE-2015-5306
- opendev.org/openstack/ironic-inspector/commit/77d0052c5133034490386fbfadfdb1bdb49aa44f