CVE-2018-10898 — Hard-coded Credentials in Tripleo Heat Templates

CWE-798 — Hard-coded Credentials6 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 61.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Tripleo Heat Templates Redhat Openstack

Timeline

PublishedJul 30

Latest updateMay 13

Description

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDopenstack/tripleo_heat_templates< 8.0.2-40

▶NVDredhat/openstack13

🔴Vulnerability Details

GHSA

GHSA-9xj4-8jr9-rf9f: A vulnerability was found in openstack-tripleo-heat-templates before version 8↗2022-05-13

▶

OSV

CVE-2018-10898: A vulnerability was found in openstack-tripleo-heat-templates before version 8↗2018-07-30

▶

CVEList

CVE-2018-10898: A vulnerability was found in openstack-tripleo-heat-templates before version 8↗2018-07-30

▶

📋Vendor Advisories

Red Hat

openstack-tripleo-heat-templates: Default ODL deployment uses hard coded administrative credentials↗2018-06-22

▶

💬Community

Bugzilla

CVE-2018-10898 openstack-tripleo-heat-templates: Default ODL deployment uses hard coded administrative credentials↗2018-07-12

▶