Information Disclosure

2019-01-1509:02:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

JSON

openstack-heat is vulnerable to information disclosure attacks. The vulnerability exists as OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.

CPENameOperatorVersion
openstack-heateq2013.1.2__4.el6ost
openstack-heateq2013.1__1.3.el6ost
openstack-heateq2013.1.4__1.el6ost
openstack-heateq2013.2.3__2.el6ost
openstack-heateq2013.1.4__2.el6ost
openstack-heateq2013.1.3__1.el6ost
openstack-heateq2013.2__4.el6ost
openstack-heateq2013.2.2__1.el6ost
openstack-heateq2013.2.1__4.el6ost
openstack-heateq2013.2.3__1.el6ost

Name	Operator	Version
openstack-heat	eq	2013.1.2__4.el6ost
openstack-heat	eq	2013.1__1.3.el6ost
openstack-heat	eq	2013.1.4__1.el6ost
openstack-heat	eq	2013.2.3__2.el6ost
openstack-heat	eq	2013.1.4__2.el6ost
openstack-heat	eq	2013.1.3__1.el6ost
openstack-heat	eq	2013.2__4.el6ost
openstack-heat	eq	2013.2.2__1.el6ost
openstack-heat	eq	2013.2.1__4.el6ost
openstack-heat	eq	2013.2.3__1.el6ost