PT-2018-10168 · Openstack · Openstack-Tripleo-Heat-Templates

James Hebden

Published

2018-07-30

Updated

2021-08-04

CVE-2018-10898

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions openstack-tripleo-heat-templates versions prior to 8.0.2-40

Description A vulnerability was found in openstack-tripleo-heat-templates. When deployed using Director with default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

Recommendations For versions prior to 8.0.2-40, update to version 8.0.2-40 or later to resolve the issue. As a temporary workaround, consider changing the default credentials for Opendaylight to prevent exploitation.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2018-10898

PYSEC-2018-102

RHSA-2018:2214

Affected Products

Openstack-Tripleo-Heat-Templates

PT-2018-10168 · Openstack · Openstack-Tripleo-Heat-Templates

CVE-2018-10898

Weakness Enumeration

Related Identifiers

Affected Products

References · 8