Launchpad CVE tracker

CVE 2015-5306

OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.

Related bugs and status

CVE-2015-5306 (Candidate) is related to these bugs:

Bug #1506419: Running Flask server in debug mode may be a security issue

		In	Importance	Status
1506419	Running Flask server in debug mode may be a security issue	Ironic Inspector	High	Fix Released
1506419	Running Flask server in debug mode may be a security issue	Ironic Inspector liberty	High	Fix Released
1506419	Running Flask server in debug mode may be a security issue	Ironic Inspector mitaka	High	Fix Released
1506419	Running Flask server in debug mode may be a security issue	OpenStack Security Advisory	Undecided	Won't Fix
1506419	Running Flask server in debug mode may be a security issue	Ironic Inspector kilo	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
MISC: https://access.redhat....
MISC: http://rhn.redhat.com/...
MISC: https://bugs.launchpad...

Launchpad.net

CVE 2015-5306

Related bugs and status

Related bugs

References