Tripleo Heat Templates Security Vulnerabilities and Issues — Tripleo Heat Templates CVE List

Lucene search

OpenstackTripleo Heat Templates

5 matches found

CVE•added 2022/03/23 8:15 p.m.•124 views

CVE-2021-4180

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive infor...

4.3CVSS4AI score0.00099EPSS

CVE•added 2018/07/30 5:29 p.m.•53 views

CVE-2018-10898

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

8.8CVSS8.5AI score0.00177EPSS

CVE•added 2016/04/15 5:59 p.m.•52 views

CVE-2015-5271

The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive info...

7.5CVSS7.1AI score0.00459EPSS

CVE•added 2022/08/26 4:15 p.m.•39 views

CVE-2021-3585

A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.

5.5CVSS5.4AI score0.00019EPSS

CVE•added 2016/04/11 9:59 p.m.•37 views

CVE-2015-5303

The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

7.5CVSS7.4AI score0.00326EPSS