High severity 7.5 · NVD Advisory · Published Apr 11, 2016 · Updated May 6, 2026
CVE-2015-5303
Description
The TripleO Heat templates (tripleo-heat-templates), when deployed via the command-line interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.
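An audit check for the condition described above, added here as an example (it is not code from tripleo-heat-templates): it lists `hidden: true` parameters in a Heat template whose `default` is a placeholder. The function name, the `WEAK_DEFAULTS` set and the sample template are assumptions; the line-based parser assumes block-style YAML indented with spaces.

```python
# Placeholder defaults treated as guessable: the two values the fix commits remove.
WEAK_DEFAULTS = {"unset", ""}

# Constructed sample modelled on the pre-fix parameter blocks shown on this page.
SAMPLE = """\
heat_template_version: 2015-04-30
parameters:
  # Common parameters (not specific to a role)
  NeutronMetadataProxySharedSecret:
    default: 'unset'
    description: Shared secret to prevent spoofing
    type: string
    hidden: true
  HeatStackDomainAdminPassword:
    description: Password for heat_domain_admin user.
    type: string
    default: ''
    hidden: true
  InstanceNameTemplate:
    default: 'instance-%08x'
    type: string
  NovaPassword:
    description: The password for the nova service account, used by nova-api.
    type: string
    hidden: true
resources: {}
"""


def find_weak_hidden_defaults(template_text):
    """Return sorted names of hidden parameters that default to a placeholder."""
    params, name = {}, None
    in_params, param_indent = False, None
    for raw in template_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or full-line comment
        indent = len(raw) - len(raw.lstrip())
        key, sep, value = stripped.partition(":")
        if indent == 0:
            # A new top-level section starts; only "parameters" is scanned.
            in_params, param_indent, name = (key == "parameters"), None, None
        elif in_params and sep:
            if param_indent is None:
                param_indent = indent  # indentation of the parameter names
            if indent == param_indent:
                name = key
                params[name] = {}
            elif name is not None and key in ("default", "hidden"):
                value = value.split(" #", 1)[0].strip().strip("'\"")
                params[name].setdefault(key, value)
    return sorted(
        n for n, attrs in params.items()
        if attrs.get("hidden", "").lower() == "true"
        and attrs.get("default") in WEAK_DEFAULTS
    )


if __name__ == "__main__":
    for param in find_weak_hidden_defaults(SAMPLE):
        print("hidden parameter with placeholder default:", param)
```

A parameter with no `default` at all, such as `NovaPassword` in the sample, is not reported: it must be supplied at deploy time, which is the state the fix commits leave every secret in.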
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tripleo-heat-templates (PyPI) | < 0.8.10 | 0.8.10 |
Affected products
- cpe:2.3:a:openstack:tripleo_heat_templates:*:*:*:*:*:*:*:*
Patches
293f19b2a413 Remove unsafe "unset" defaults
5 files changed · +0 −39
overcloud.yaml+0 −14 modified@@ -13,7 +13,6 @@ parameters: # Common parameters (not specific to a role) AdminPassword: - default: unset description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true @@ -22,12 +21,10 @@ parameters: description: The ceilometer backend type. type: string CeilometerMeteringSecret: - default: unset description: Secret shared by the ceilometer services. type: string hidden: true CeilometerPassword: - default: unset description: The password for the ceilometer service account. type: string hidden: true @@ -138,7 +135,6 @@ parameters: description: The tenant network type for Neutron, either gre or vxlan. type: string NeutronPassword: - default: unset description: The password for the neutron service account, used by neutron agents. type: string hidden: true @@ -169,7 +165,6 @@ parameters: description: Whether to configure Neutron Distributed Virtual Routers type: string NeutronMetadataProxySharedSecret: - default: 'unset' description: Shared secret to prevent spoofing type: string hidden: true @@ -227,7 +222,6 @@ parameters: default: 1 description: The number of neutron dhcp agents to schedule per network NovaPassword: - default: unset description: The password for the nova service account, used by nova-api. type: string hidden: true @@ -279,7 +273,6 @@ parameters: description: The user name for SNMPd with readonly rights running on all Overcloud nodes type: string SnmpdReadonlyUserPassword: - default: unset description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true @@ -298,7 +291,6 @@ parameters: # Controller-specific params AdminToken: - default: unset description: The keystone auth secret. type: string hidden: true 
@@ -319,7 +311,6 @@ parameters: CinderEnableNfsBackend is true. type: comma_delimited_list CinderPassword: - default: unset description: The password for the cinder service account, used by cinder-api. type: string hidden: true @@ -416,7 +407,6 @@ parameters: type: string default: noop GlancePassword: - default: unset description: The password for the glance service account, used by the glance services. type: string hidden: true @@ -428,14 +418,12 @@ parameters: constraints: - allowed_values: ['swift', 'file', 'rbd'] HeatPassword: - default: unset description: The password for the Heat service account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: description: Password for heat_domain_admin user. type: string - default: '' hidden: true InstanceNameTemplate: default: 'instance-%08x' @@ -515,12 +503,10 @@ parameters: This should be int_public when a VLAN is being used. type: string SwiftHashSuffix: - default: unset description: A random string to be used as a salt when hashing to determine mappings in the ring. type: string hidden: true SwiftPassword: - default: unset description: The password for the swift service account, used by the swift proxy services. type: string hidden: true
puppet/cinder-storage.yaml+0 −2 modified@@ -17,7 +17,6 @@ parameters: description: The size of the loopback file used by the cinder LVM driver. type: number CinderPassword: - default: unset description: The password for the cinder service and db account, used by cinder-api. type: string hidden: true @@ -70,7 +69,6 @@ parameters: description: The user name for SNMPd with readonly rights running on all Overcloud nodes type: string SnmpdReadonlyUserPassword: - default: unset description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true
puppet/compute.yaml+0 −7 modified@@ -5,7 +5,6 @@ description: > parameters: AdminPassword: - default: unset description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true @@ -16,12 +15,10 @@ parameters: constraints: - allowed_values: ['', Present] CeilometerMeteringSecret: - default: unset description: Secret shared by the ceilometer services. type: string hidden: true CeilometerPassword: - default: unset description: The password for the ceilometer service account. type: string hidden: true @@ -110,7 +107,6 @@ parameters: VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). type: comma_delimited_list NeutronPassword: - default: unset description: The password for the neutron service account, used by neutron agents. type: string hidden: true @@ -147,7 +143,6 @@ parameters: default: 'False' type: string NeutronMetadataProxySharedSecret: - default: 'unset' description: Shared secret to prevent spoofing type: string hidden: true @@ -212,7 +207,6 @@ parameters: description: Whether to enable or not the Rbd backend for Nova type: boolean NovaPassword: - default: unset description: The password for the nova service account, used by nova-api. type: string hidden: true @@ -258,7 +252,6 @@ parameters: description: The user name for SNMPd with readonly rights running on all Overcloud nodes type: string SnmpdReadonlyUserPassword: - default: unset description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true
puppet/controller.yaml+0 −14 modified@@ -10,12 +10,10 @@ parameters: type: string hidden: true AdminPassword: - default: unset description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true AdminToken: - default: unset description: The keystone auth secret and db password. type: string hidden: true @@ -27,12 +25,10 @@ parameters: description: The ceilometer backend type. type: string CeilometerMeteringSecret: - default: unset description: Secret shared by the ceilometer services. type: string hidden: true CeilometerPassword: - default: unset description: The password for the ceilometer service and db account. type: string hidden: true @@ -72,7 +68,6 @@ parameters: CinderEnableNfsBackend is true. type: comma_delimited_list CinderPassword: - default: unset description: The password for the cinder service and db account, used by cinder-api. type: string hidden: true @@ -170,7 +165,6 @@ parameters: type: string default: '' GlancePassword: - default: unset description: The password for the glance service and db account, used by the glance services. type: string hidden: true @@ -210,14 +204,12 @@ parameters: description: Syslog address where HAproxy will send its log type: string HeatPassword: - default: unset description: The password for the Heat service and db account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: description: Password for heat_domain_admin user. type: string - default: '' hidden: true HeatAuthEncryptionKey: description: Auth encryption key for heat-engine @@ -367,7 +359,6 @@ parameters: description: Whether to configure Neutron Distributed Virtual Routers type: string NeutronMetadataProxySharedSecret: - default: 'unset' description: Shared secret to prevent spoofing type: string hidden: true 
@@ -430,7 +421,6 @@ parameters: VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). type: comma_delimited_list NeutronPassword: - default: unset description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true @@ -482,7 +472,6 @@ parameters: type: string default: '' NovaPassword: - default: unset description: The password for the nova service and db account, used by nova-api. type: string hidden: true @@ -542,12 +531,10 @@ parameters: description: The user name for SNMPd with readonly rights running on all Overcloud nodes type: string SnmpdReadonlyUserPassword: - default: unset description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true SwiftHashSuffix: - default: unset description: A random string to be used as a salt when hashing to determine mappings in the ring. hidden: true @@ -565,7 +552,6 @@ parameters: description: Partition Power to use when building Swift rings type: number SwiftPassword: - default: unset description: The password for the swift service account, used by the swift proxy services. hidden: true
puppet/swift-storage.yaml+0 −2 modified@@ -7,7 +7,6 @@ parameters: constraints: - custom_constraint: nova.flavor HashSuffix: - default: unset description: A random string to be used as a salt when hashing to determine mappings in the ring. hidden: true @@ -40,7 +39,6 @@ parameters: description: The user name for SNMPd with readonly rights running on all Overcloud nodes type: string SnmpdReadonlyUserPassword: - default: unset description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true
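Review bot: In the NeutronMetadataProxySharedSecret hunks (overcloud.yaml, puppet/compute.yaml, puppet/controller.yaml), deleting `default: 'unset'` makes the parameter required but still accepts any string, so an environment file that passes the old literal `unset` or an empty value validates and deploys with the same guessable secret. Consider adding a `constraints:` entry (for example a `length` minimum) to this parameter and to the other `hidden: true` secrets touched here, and expanding the description "Shared secret to prevent spoofing" to say the value has to be generated per deployment.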
1a0c7d97165c Remove unsafe "unset" defaults
5 files changed · +0 −39
overcloud.yaml+0 −14 modified@@ -13,7 +13,6 @@ parameters: # Common parameters (not specific to a role) AdminPassword: - default: unset description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true @@ -22,12 +21,10 @@ parameters: description: The ceilometer backend type. type: string CeilometerMeteringSecret: - default: unset description: Secret shared by the ceilometer services. type: string hidden: true CeilometerPassword: - default: unset description: The password for the ceilometer service account. type: string hidden: true @@ -144,7 +141,6 @@ parameters: description: The tenant network type for Neutron. type: comma_delimited_list NeutronPassword: - default: unset description: The password for the neutron service account, used by neutron agents. type: string hidden: true @@ -175,7 +171,6 @@ parameters: description: Whether to configure Neutron Distributed Virtual Routers type: string NeutronMetadataProxySharedSecret: - default: 'unset' description: Shared secret to prevent spoofing type: string hidden: true @@ -250,7 +245,6 @@ parameters: default: 1 description: The number of neutron dhcp agents to schedule per network NovaPassword: - default: unset description: The password for the nova service account, used by nova-api. type: string hidden: true @@ -302,7 +296,6 @@ parameters: description: The user name for SNMPd with readonly rights running on all Overcloud nodes type: string SnmpdReadonlyUserPassword: - default: unset description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true @@ -337,7 +330,6 @@ parameters: # Controller-specific params AdminToken: - default: unset description: The keystone auth secret. type: string hidden: true 
@@ -358,7 +350,6 @@ parameters: CinderEnableNfsBackend is true. type: comma_delimited_list CinderPassword: - default: unset description: The password for the cinder service account, used by cinder-api. type: string hidden: true @@ -460,7 +451,6 @@ parameters: type: string default: noop GlancePassword: - default: unset description: The password for the glance service account, used by the glance services. type: string hidden: true @@ -472,14 +462,12 @@ parameters: constraints: - allowed_values: ['swift', 'file', 'rbd'] HeatPassword: - default: unset description: The password for the Heat service account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: description: Password for heat_domain_admin user. type: string - default: '' hidden: true InstanceNameTemplate: default: 'instance-%08x' @@ -562,12 +550,10 @@ parameters: This should be int_public when a VLAN is being used. type: string SwiftHashSuffix: - default: unset description: A random string to be used as a salt when hashing to determine mappings in the ring. type: string hidden: true SwiftPassword: - default: unset description: The password for the swift service account, used by the swift proxy services. type: string hidden: true
puppet/cinder-storage.yaml+0 −2 modified@@ -17,7 +17,6 @@ parameters: description: The size of the loopback file used by the cinder LVM driver. type: number CinderPassword: - default: unset description: The password for the cinder service and db account, used by cinder-api. type: string hidden: true @@ -70,7 +69,6 @@ parameters: description: The user name for SNMPd with readonly rights running on all Overcloud nodes type: string SnmpdReadonlyUserPassword: - default: unset description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true
puppet/compute.yaml+0 −7 modified@@ -5,7 +5,6 @@ description: > parameters: AdminPassword: - default: unset description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true @@ -16,12 +15,10 @@ parameters: constraints: - allowed_values: ['', Present] CeilometerMeteringSecret: - default: unset description: Secret shared by the ceilometer services. type: string hidden: true CeilometerPassword: - default: unset description: The password for the ceilometer service account. type: string hidden: true @@ -110,7 +107,6 @@ parameters: VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). type: comma_delimited_list NeutronPassword: - default: unset description: The password for the neutron service account, used by neutron agents. type: string hidden: true @@ -155,7 +151,6 @@ parameters: default: 'False' type: string NeutronMetadataProxySharedSecret: - default: 'unset' description: Shared secret to prevent spoofing type: string hidden: true @@ -224,7 +219,6 @@ parameters: description: Whether to enable or not the Rbd backend for Nova type: boolean NovaPassword: - default: unset description: The password for the nova service account, used by nova-api. type: string hidden: true @@ -270,7 +264,6 @@ parameters: description: The user name for SNMPd with readonly rights running on all Overcloud nodes type: string SnmpdReadonlyUserPassword: - default: unset description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true
puppet/controller.yaml+0 −14 modified@@ -5,12 +5,10 @@ description: > parameters: AdminPassword: - default: unset description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true AdminToken: - default: unset description: The keystone auth secret and db password. type: string hidden: true @@ -22,12 +20,10 @@ parameters: description: The ceilometer backend type. type: string CeilometerMeteringSecret: - default: unset description: Secret shared by the ceilometer services. type: string hidden: true CeilometerPassword: - default: unset description: The password for the ceilometer service and db account. type: string hidden: true @@ -76,7 +72,6 @@ parameters: CinderEnableNfsBackend is true. type: comma_delimited_list CinderPassword: - default: unset description: The password for the cinder service and db account, used by cinder-api. type: string hidden: true @@ -183,7 +178,6 @@ parameters: type: string default: '' GlancePassword: - default: unset description: The password for the glance service and db account, used by the glance services. type: string hidden: true @@ -227,14 +221,12 @@ parameters: description: Number of workers for Glance service. type: number HeatPassword: - default: unset description: The password for the Heat service and db account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: description: Password for heat_domain_admin user. type: string - default: '' hidden: true HeatAuthEncryptionKey: description: Auth encryption key for heat-engine @@ -393,7 +385,6 @@ parameters: description: Whether to configure Neutron Distributed Virtual Routers type: string NeutronMetadataProxySharedSecret: - default: 'unset' description: Shared secret to prevent spoofing type: string hidden: true 
@@ -455,7 +446,6 @@ parameters: VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). type: comma_delimited_list NeutronPassword: - default: unset description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true @@ -534,7 +524,6 @@ parameters: Whether to create cron job for purging soft deleted rows in Nova database. type: boolean NovaPassword: - default: unset description: The password for the nova service and db account, used by nova-api. type: string hidden: true @@ -598,12 +587,10 @@ parameters: description: The user name for SNMPd with readonly rights running on all Overcloud nodes type: string SnmpdReadonlyUserPassword: - default: unset description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true SwiftHashSuffix: - default: unset description: A random string to be used as a salt when hashing to determine mappings in the ring. hidden: true @@ -621,7 +608,6 @@ parameters: description: Partition Power to use when building Swift rings type: number SwiftPassword: - default: unset description: The password for the swift service account, used by the swift proxy services. hidden: true
puppet/swift-storage.yaml+0 −2 modified@@ -7,7 +7,6 @@ parameters: constraints: - custom_constraint: nova.flavor HashSuffix: - default: unset description: A random string to be used as a salt when hashing to determine mappings in the ring. hidden: true @@ -40,7 +39,6 @@ parameters: description: The user name for SNMPd with readonly rights running on all Overcloud nodes type: string SnmpdReadonlyUserPassword: - default: unset description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true
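Review bot: The HeatStackDomainAdminPassword hunks in overcloud.yaml and puppet/controller.yaml remove `default: ''`, an empty-string default rather than an "unset" one, which the commit title 'Remove unsafe "unset" defaults' does not cover. Say so in the commit message, since callers that omitted this parameter now have to supply it. Separately, the visible context for SwiftHashSuffix and SwiftPassword in puppet/controller.yaml and for HashSuffix in puppet/swift-storage.yaml runs from `description:` to `hidden: true` with no `type:` line; if it is absent, add `type: string` to match the other secrets.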
References
- access.redhat.com/errata/RHSA-2015:2650 (nvd; Vendor Advisory, WEB)
- github.com/advisories/GHSA-m94p-8942-pm49 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-5303 (ghsa; ADVISORY)
- bugs.launchpad.net/tripleo/+bug/1516027 (nvd; WEB)
- github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c (ghsa; WEB)
- github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42 (ghsa; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml (ghsa; WEB)
- opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c (ghsa; WEB)
- opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42 (ghsa; WEB)