OpenstackHeat

7 matches found

added 2023/09/24 12:8 a.m., 94 views

CVE-2023-1625

CVE-2023-1625 affects OpenStack Heat. A disclosed information leak allows a remote, authenticated attacker to use the stack show command to reveal otherwise hidden parameters. Impact is described as low for confidentiality and low for other aspects, with exploitation tied to OpenStack Heat behavi...

CVSS 7.4, AI score 5.8, EPSS 0.00709

added 2018/07/27 6:0 p.m., 67 views

CVE-2017-2621

The CVE-2017-2621 issue affects OpenStack Orchestration (Heat) prior to 8.0.0 (and 6.1.0, 7.0.2 in older branches): a service log directory was world-readable, allowing a local attacker to access sensitive information. Connected advisories confirm Heat-related fixes and updates (e.g., RHSA notes ...

CVSS 5.9, AI score 5.2, EPSS 0.00413

added 2016/11/04 10:0 a.m., 65 views

CVE-2016-9185

CVE-2016-9185 affects OpenStack Heat (OpenStack Orchestration). The vulnerability allows an authenticated user to discover internal network configuration by launching a new Heat stack with a local URL, causing an information-leak. Affected OpenStack Heat versions are =6.0.0

CVSS 4.3, AI score 4.3, EPSS 0.01508

added 2024/08/02 8:36 p.m., 64 views

CVE-2024-7319

CVE-2024-7319 arises from an incomplete fix for CVE-2023-1625 in OpenStack Heat. The vulnerability could allow sensitive information to be disclosed via the OpenStack stack abandon command when the hidden feature remains enabled, even if the CVE-2023-1625 fix is applied. The connected documents c...

CVSS 5, AI score 7.5, EPSS 0.00709

added 2014/05/23 2:0 p.m., 63 views

CVE-2014-3801

OpenStack Heat (Orchestration) vulnerability CVE-2014-3801 affects Heat 2013.2 through 2013.2.3 and 2014.1, where creating a stack for a template using a provider template could let remote authenticated users obtain the provider template URL via the resource-type-list. The Red Hat advisory RHSA-2...

CVSS 3.5, AI score 6.1, EPSS 0.0162

added 2013/12/14 5:0 p.m., 58 views

CVE-2013-6426

The CVE-2013-6426 issue affects OpenStack Heat’s cloudformation-compatible API, where policy enforcement was inadequate, allowing in-instance users to create or update stacks via CreateStack/UpdateStack and bypass restrictions. Public disclosures in SUSE and Red Hat advisories confirm the problem...

CVSS 4, AI score 6.3, EPSS 0.0103

added 2013/12/14 5:0 p.m., 54 views

CVE-2013-6428

OpenStack Heat vulnerability (CVE-2013-6428) affects the Heat REST API in OpenStack Orchestration. The issue allows an authenticated remote user to bypass tenant scoping by modifying the tenant_id in the request path, potentially enabling privilege escalation. Public vendor advisories confirm the...

CVSS 4, AI score 6.2, EPSS 0.01744