{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34985?format=json","vulnerability_id":"VCID-nv7k-zxyu-e3fz","summary":"The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.","aliases":[{"alias":"CVE-2015-5303"},{"alias":"GHSA-m94p-8942-pm49"},{"alias":"PYSEC-2016-35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9166?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/11679?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.10"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9141?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/9142?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9143?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9144?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/9145?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/9146?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/9147?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9148?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9149?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/9150?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/9151?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/9152?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/9153?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.6"},{"url":"http://public2.vulnerablecode.io/api/packages/9154?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.7"},{"url":"http://public2.vulnerablecode.io/api/packages/9155?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.7.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.8"},{"url":"http://public2.vulnerablecode.io/api/packages/9156?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.9"},{"url":"http://public2.vulnerablecode.io/api/packages/9157?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9158?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9159?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/9160?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/9161?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/9162?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/9163?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-p48m-hmsy-n3d3"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/9164?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/9165?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.8"}],"references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2650","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2650"},{"reference_url":"https://bugs.launchpad.net/tripleo/+bug/1516027","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/tripleo/+bug/1516027"},{"reference_url":"https://github.com/openstack/tripleo-heat-templates","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/tripleo-heat-templates"},{"reference_url":"https://github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c"},{"reference_url":"https://github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml"},{"reference_url":"https://opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c","reference_id":"","reference_type":"","scores":[],"url":"https://opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c"},{"reference_url":"https://opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42","reference_id":"","reference_type":"","scores":[],"url":"https://opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5303","reference_id":"CVE-2015-5303","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5303"},{"reference_url":"https://github.com/advisories/GHSA-m94p-8942-pm49","reference_id":"GHSA-m94p-8942-pm49","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m94p-8942-pm49"}],"weaknesses":[{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nv7k-zxyu-e3fz"}