CVE-2015-5329 — Hard-coded Credentials in Red Hat OpenStack
Severity
7.3 HIGH (NVD)
EPSS
0.4%
top 36.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 11
Latest update: May 17
Description
The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 | Impact: 3.4
Affected Packages: 1 package
Vulnerability Details (2)
Vendor Advisories (1)
Red Hat
openstack-tripleo-heat-templates: Using hardcoded rabbitmq credentials regardless of supplied values (2015-11-11)