CyberSec.Space Logo
Back to CVE Browser

CVE-2015-1842

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0610%
EPSS Percentile17.97th
PublishedApr 10, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.

Affected Platforms (CPE)

πŸ“¦
Redhat

Openstack

<= 6.0

References & Advisories

πŸ”— http://rhn.redhat.com/errata/RHSA-2015-0789.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2015-0791.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2015-0830.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2015-0831.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2015-0832.html
πŸ”— http://www.securityfocus.com/bid/74049
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1201875
πŸ”— http://rhn.redhat.com/errata/RHSA-2015-0789.html

Related Vulnerabilities

CVE-2017-26379.9

A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. L...

CVE-2020-269439.9

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboar...

CVE-2020-107319.9

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabl...

CVE-2012-44069.8

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loadin...