openstack-heat is vulnerable to information disclosure. An information-leak vulnerability was found in the OpenStack Orchestration (heat) service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services.