CVE-2015-1842 — Hard-coded Credentials in Redhat Openstack

CWE-255 CWE-798 — Hard-coded Credentials5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

4.8%

top 10.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openstack

Timeline

PublishedApr 10

Latest updateMay 17

Description

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDredhat/openstack6.0

🔴Vulnerability Details

GHSA

GHSA-x735-34cq-fm2q: The puppet manifests in the Red Hat openstack-puppet-modules package before 2014↗2022-05-17

▶

CVEList

CVE-2015-1842: The puppet manifests in the Red Hat openstack-puppet-modules package before 2014↗2015-04-10

▶

📋Vendor Advisories

Red Hat

openstack-puppet-modules: pacemaker configured with default password↗2015-03-10

▶

💬Community

Bugzilla

CVE-2015-1842 openstack-puppet-modules: pacemaker configured with default password↗2015-03-13

▶