—

PYSEC-2016-35

Details

The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / tripleo-heat-templates

Introduced in: 0 Fixed in: 0.8.9

Fix pip install --upgrade 'tripleo-heat-templates>=0.8.9'

References

https://access.redhat.com/errata/RHSA-2015:2650 [ADVISORY]
https://bugs.launchpad.net/tripleo/+bug/1516027 [WEB]
https://github.com/advisories/GHSA-m94p-8942-pm49 [ADVISORY]