{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-04-11T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2015:2650", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2015:2650"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:41:09.414Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:2650", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2015:2650"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5329", "datePublished": "2016-04-11T21:00:00", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2024-08-06T06:41:09.414Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials."}, {"lang": "es", "value": "Las plantillas TripleO Heat (tripleo-heat-templates), seg\u00fan se utiliza en Red Hat Enterprise Linux OpenStack Platform 7.0, no utiliza correctamente las credenciales RabbitMQ configuradas, lo que facilita a atacantes remotos obtener acceso a servicios en overclouds desplegadas aprovech\u00e1ndose del conocimiento de las credenciales por defecto."}], "id": "CVE-2015-5329", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-11T21:59:05.100", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2015:2650"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2015:2650"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Kota Akatsuka (NEC) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2015:2650", "cpe": "cpe:/a:redhat:openstack-director:7::el7", "package": "openstack-tripleo-heat-templates-0:0.8.6-94.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7", "release_date": "2015-12-21T00:00:00Z"}, {"advisory": "RHSA-2015:2650", "cpe": "cpe:/a:redhat:openstack-director:7::el7", "package": "python-rdomanager-oscplugin-0:0.0.10-22.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7", "release_date": "2015-12-21T00:00:00Z"}], "bugzilla": {"description": "openstack-tripleo-heat-templates: Using hardcoded rabbitmq credentials regardless of supplied values", "id": "1281777", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281777"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-798", "details": ["The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials.", "A flaw was found in the director (openstack-tripleo-heat-templates) where the RabbitMQ credentials defaulted to guest/guest and supplied values in the configuration were not used. As a result, all deployed overclouds used the same credentials (guest/guest). A remote non-authenticated attacker could use this flaw to access RabbitMQ services in the deployed cloud."], "name": "CVE-2015-5329", "package_state": [{"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Will not fix", "package_name": "openstack-tripleo-heat-templates", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}], "public_date": "2015-11-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-5329\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5329"], "threat_severity": "Moderate"}