4 matches found
CVE-2021-4180
The CVE affects openstack-tripleo-heat-templates (older than 11.6.1). The underlying issue is an information exposure: an external user can discover internal IP addresses or hostnames by inspecting the www_authenticate_uri parameter in configuration files. This data leakage is specifically tied t...
CVE-2018-10898
CVE-2018-10898 affects openstack-tripleo-heat-templates prior to 8.0.2-40. When deploying with Director in RHOSP13, OpenDaylight is configured with easily guessable default credentials, as described in multiple sources (Red Hat RHSA-2018:2214 and CNVD/OSV entries). The issue arises from default c...
CVE-2021-3585
CVE-2021-3585 affects openstack-tripleo-heat-templates. The issue is that plain passwords from RHSM are logged during OSP13 deployment with subscription-manager, exposing sensitive credentials locally. CVSS-3.1 base score 5.5 (Medium) with Local attack vector, low complexity, and confidentiality ...
CVE-2015-5303
The CVE-2015-5303 entry concerns TripleO Heat templates (tripleo-heat-templates). When deployed from the CLI, it allows remote attackers to spoof OpenStack Networking metadata requests by exploiting knowledge of the default value of the NeutronMetadataProxySharedSecret parameter. The vulnerabilit...