SUSE CVE-2014-3801

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

PT-2021-19593 · Red Hat · Tripleo-Ansible

Name of the Vulnerable Software and Affected Versions: tripleo-ansible version as shipped in Red Hat Openstack 16.1 Description: A flaw was found in the software, where the Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to...

tripleo-ansible 信息泄露漏洞

tripleo-ansible is an application. Ansible scripts, roles and plugins for TripleO. An information disclosure vulnerability exists in tripleo-ansible. The vulnerability stems from the Ansible log file being readable to all users during stack updates and creation...

Portainer Access Control Error Vulnerability (CNVD-2019-40490)

Portainer is an open source lightweight management UI that allows you to easily manage docker hosts or clusters. An access control error vulnerability exists in the Stack creation feature in Portainer versions prior to 1.22.1. An attacker can exploit this vulnerability to gain full privileges to...

python-django-horizon: XSS in Heat stack creation

A cross-site scripting XSS flaw was found in the Horizon orchestration dashboard. An attacker able to trick a Horizon user into using a malicious template during the stack creation could use this flaw to perform an XSS attack on that user...

CVE-2014-3801

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

UBUNTU-CVE-2014-3801

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

Heat: CFN policy rules not all enforced

The cloudformation-compatible API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and 1 create a stack via the CreateStack method or 2 upda...

CVE-2013-6426

The cloudformation-compatible API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and 1 create a stack via the CreateStack method or 2 upda...