SUSE-SU-2023:2379-1 Security update for openstack-heat, python-Werkzeug

This update for openstack-heat, python-Werkzeug contains the following fixes: Security fixes included on this update: openstack-heat: - CVE-2023-1625: Fixed an issue where parameter values marked as 'hidden' would be shown in the stack's environment. bsc1209774 python-Werkzeug: - CVE-2023-25577:...

SUSE-SU-2023:2378-1 Security update for openstack-heat, openstack-swift, python-Werkzeug

This update for openstack-heat, openstack-swift, python-Werkzeug contains the following fixes: Security fixes included in this update: openstack-heat: - CVE-2023-1625: Fixed an issue where parameter values marked as 'hidden' would be shown in the stack's environment bsc1209774. openstack-swift: -...

Ubuntu 18.04 LTS / 20.04 LTS : OpenStack Heat vulnerability (USN-6066-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6066-1 advisory. It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue t...

USN-6066-1 heat vulnerability

It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data...

Information Disclosure

openstack-heat is vulnerable to Information Disclosure. The vulnerability exists because the getenvironment function of service.py does not mask hidden parameter values, which allows an attacker to get sensitive data through the get stack environment API even when the encryptparametersandproperti...

SUSE CVE-2023-1625

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system...

PT-2023-17127 · Openstack +3 · Openstack Heat +3

Name of the Vulnerable Software and Affected Versions: OpenStack heat affected versions not specified Description: An information leak was discovered in OpenStack heat, allowing a remote, authenticated attacker to use the 'stack show' command to reveal parameters that are supposed to remain hidde...

UBUNTU-CVE-2023-1625

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system...

CVE-2023-1625

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system...

SUSE CVE-2014-0042

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors...

SUSE CVE-2014-0041

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors...

SUSE CVE-2014-3801

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

SUSE CVE-2015-5295

The template-validate command in OpenStack Orchestration API Heat before 2015.1.3 kilo and 5.0.x before 5.0.1 liberty allows remote authenticated users to cause a denial of service memory consumption or determine the existence of local files via the resource type in a template, as demonstrated by...

SUSE CVE-2016-9185

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are =6.0.0 =6.1.0, and ==7.0.0...

SUSE CVE-2017-2621

An access-control flaw was found in the OpenStack Orchestration heat service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...

SUSE-SU-2023:0070-1 Security update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp

This update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp fixes the following issues: Security fixes included on this update: openstack-barbican: - CVE-2022-3100: Fixed an access policy bypass via query string injection...

SUSE-SU-2022:3338-1 Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma

This update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma fixes the following issues: Security updates included on this update: ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates,...

The vulnerability of the Jenkins Openstack Heat Plugin, related to deficiencies in the authentication process, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Jenkins Openstack Heat Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

GHSA-HM53-HRHH-GWFQ Missing permission checks in Jenkins openstack-heat Plugin

openstack-heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL...

Missing permission checks in Jenkins openstack-heat Plugin

openstack-heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL...