5 matches found
CVE-2021-4180
CVE-2021-4180 affects openstack-tripleo-heat-templates (versions older than 11.6.1). The underlying issue is an information exposure: an external user can discover internal IP addresses or hostnames by inspecting the www_authenticate_uri parameter in configuration files. This data leakage is specifically tied t...
CVE-2018-10898
CVE-2018-10898 affects openstack-tripleo-heat-templates prior to 8.0.2-40. When deploying with Director in RHOSP13, OpenDaylight is configured with easily guessable default credentials, as described in multiple sources (Red Hat RHSA-2018:2214 and CNVD/OSV entries). The issue arises from default c...
CVE-2015-5271
CVE-2015-5271 affects TripleO Heat templates: the swiftproxy pipeline does not properly order Keystone before Swift staticweb middleware when staticweb is enabled, potentially allowing remote attackers to obtain sensitive information from private containers via unspecified vectors. This is docume...
CVE-2015-5303
The CVE-2015-5303 entry concerns TripleO Heat templates (tripleo-heat-templates). When deployed from the CLI, it allows remote attackers to spoof OpenStack Networking metadata requests by exploiting knowledge of the default value of the NeutronMetadataProxySharedSecret parameter. The vulnerabilit...
CVE-2021-3585
CVE-2021-3585 affects openstack-tripleo-heat-templates. The issue is that plain passwords from RHSM are logged during OSP13 deployment with subscription-manager, exposing sensitive credentials locally. CVSS-3.1 base score 5.5 (Medium) with Local attack vector, low complexity, and confidentiality ...