openstack-heat is vulnerable to information disclosure. An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2, where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
www.securityfocus.com/bid/96280
access.redhat.com/errata/RHSA-2017:1243
access.redhat.com/errata/RHSA-2017:1464
access.redhat.com/security/cve/CVE-2017-2621
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1420990
bugzilla.redhat.com/show_bug.cgi?id=1424578
bugzilla.redhat.com/show_bug.cgi?id=1424886
bugzilla.redhat.com/show_bug.cgi?id=1428632
bugzilla.redhat.com/show_bug.cgi?id=1428877
bugzilla.redhat.com/show_bug.cgi?id=1431258
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621
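
A check for the condition described above, as an added example that is not part of the advisory or of the heat project: it reports a log directory, and anything beneath it, whose mode grants access to "other" users. It goes one step beyond the advisory by also checking the files inside the directory. The directory path is an assumption supplied by the caller, since the advisory does not name it.

```shell
#!/bin/sh
# Added example: audit a service log directory for access by "other" users.
# The directory is passed as an argument; the advisory does not name its path.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_log_dir DIR
#   returns 0 if nothing under DIR (DIR included) is accessible to "other",
#   returns 1 and prints one "EXPOSED <mode> <path>" line per finding,
#   returns 2 if DIR is not a directory.
audit_log_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # Any "other" bit counts: read (004), write (002) or execute/search (001).
    # Symlinks are skipped because their own mode bits are not meaningful.
    found=$(find "$dir" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found" | while IFS= read -r path; do
        printf 'EXPOSED %s %s\n' "$(mode_of "$path")" "$path"
    done
    return 1
}

# Stand-alone use: sh audit.sh <log-directory>
if [ "$#" -gt 0 ]; then
    audit_log_dir "$1"
fi
```

A non-zero exit makes the function usable as a gate in a post-install or configuration-management check.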