Tripleo Heat Templates@* Security Vulnerabilities and Issues — Tripleo Heat Templates@* CVE List

Lucene search

OpenstackTripleo Heat Templates*

4 matches found

CVE•added 2022/03/23 8:15 p.m.•124 views

CVE-2021-4180

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive infor...

4.3CVSS4AI score0.00099EPSS

CVE•added 2018/07/30 5:29 p.m.•53 views

CVE-2018-10898

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

8.8CVSS8.5AI score0.00177EPSS

CVE•added 2022/08/26 4:15 p.m.•39 views

CVE-2021-3585

A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.

5.5CVSS5.4AI score0.00019EPSS

CVE•added 2016/04/11 9:59 p.m.•37 views

CVE-2015-5303

The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

7.5CVSS7.4AI score0.00326EPSS