{
  "threat_severity" : "Important",
  "public_date" : "2015-10-15T00:00:00Z",
  "bugzilla" : {
    "description" : "openstack-ironic-discoverd: potential remote code execution with debug mode enabled",
    "id" : "1273698",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1273698"
  },
  "cvss" : {
    "cvss_base_score" : "6.0",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:S/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-749",
  "details" : [ "OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.", "It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was  in debug mode, a user experiencing an error might be able to access the debug console (effectively, a command shell)." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
    "release_date" : "2015-12-21T00:00:00Z",
    "advisory" : "RHSA-2015:2685",
    "cpe" : "cpe:/a:redhat:openstack:6::el7",
    "package" : "openstack-ironic-discoverd-0:0.2.5-2.el7ost"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7",
    "release_date" : "2015-10-22T00:00:00Z",
    "advisory" : "RHSA-2015:1929",
    "cpe" : "cpe:/a:redhat:openstack-director:7::el7",
    "package" : "openstack-ironic-discoverd-0:1.1.0-8.el7ost"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-5306\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5306" ],
  "name" : "CVE-2015-5306",
  "csaw" : false
}