Information Disclosure

2019-01-1509:17:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

23.9%

JSON

openstack-heat is vulnerable to information disclosure attacks. The vulnerability exists as an access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

CPENameOperatorVersion
openstack-heateq6.0.0__8.el7ost
openstack-heateq6.1.0__3.el7ost
openstack-heateq6.0.0__12.el7ost
openstack-heateq7.0.1__2.el7ost
openstack-heateq5.0.1__5.el7ost
openstack-heateq5.0.1__9.el7ost
openstack-heateq5.0.1__6.el7ost
openstack-heateq6.1.0__1.el7ost
openstack-heateq6.0.0__11.el7ost
openstack-heateq7.0.0__7.el7ost

Name	Operator	Version
openstack-heat	eq	6.0.0__8.el7ost
openstack-heat	eq	6.1.0__3.el7ost
openstack-heat	eq	6.0.0__12.el7ost
openstack-heat	eq	7.0.1__2.el7ost
openstack-heat	eq	5.0.1__5.el7ost
openstack-heat	eq	5.0.1__9.el7ost
openstack-heat	eq	5.0.1__6.el7ost
openstack-heat	eq	6.1.0__1.el7ost
openstack-heat	eq	6.0.0__11.el7ost
openstack-heat	eq	7.0.0__7.el7ost