CVSS3 metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | LOW |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L |

EPSS percentile: 32.6%

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive
information may be disclosed through the OpenStack stack abandon command
when the hidden feature is set to True, even with the CVE-2023-1625 fix
applied.

Author | Note |
---|---|
mdeslaur | See openstack bug, there isn’t likely to be a fix available for this issue. This vulnerability requires the “Abandon” feature to be enabled, while it is disabled by default. Fixing this will also break the “Adopt” feature, which is also disabled by default. As of 2024-08-16, there is no fix for this issue available from heat developers. |