CVE-2016-9185

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are =6.0.0 =6.1.0, and ==7.0.0...

openstack-heat: Vulnerability in Heat template validation leading to DoS

A vulnerability was discovered in the OpenStack Orchestration service heat, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use...