CVE-2016-4474: Sensitive Information Exposure in Red Hat OpenStack

Severity: 8.8 HIGH (NVD)
EPSS: 0.1% (top 70.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: (see Affected Packages below)
Timeline: Published Jun 30; Latest update May 13

Description

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD: redhat/openstack 7.0, 8 (+1)

Vulnerability Details (2)

GHSA: GHSA-pgc6-fg9r-vjj4: The image build process for the overcloud images in Red Hat OpenStack Platform 8 (2022-05-13)
CVEList: CVE-2016-4474: The image build process for the overcloud images in Red Hat OpenStack Platform 8 (2016-06-30)

Vendor Advisories (1)

Red Hat: overcloud-full: Default root password set (2016-06-13)

Community (1)

Bugzilla: CVE-2016-4474 overcloud-full: Default root password set (2016-06-03)
CVE-2016-4474 — Sensitive Information Exposure | cvebase