{"id":"PYSEC-2016-35","details":"The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.","aliases":["CVE-2015-5303","GHSA-m94p-8942-pm49"],"modified":"2026-06-10T17:02:45.977123623Z","published":"2016-04-11T21:59:00Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2015:2650"},{"type":"WEB","url":"https://bugs.launchpad.net/tripleo/+bug/1516027"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-m94p-8942-pm49"}],"affected":[{"package":{"name":"tripleo-heat-templates","ecosystem":"PyPI","purl":"pkg:pypi/tripleo-heat-templates"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.9"}]}],"versions":["0.5.6","0.6.0","0.6.1","0.6.2","0.6.3","0.6.4","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.8.7","0.8.8"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml"}}],"schema_version":"1.7.5"}