openstack-heat is vulnerable to Information Disclosure. The vulnerability exists because the get_environment function of service.py does not mask hidden parameter values, which allows an attacker to get sensitive data through the get stack environment API even when the encrypt_parameters_and_properties option is set to true.
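
The masking gap described above, as an added simplified model in Python (not Heat's own code): it contrasts returning a stored environment as-is with masking every parameter the template marks hidden: true, and includes a check that can serve as a regression test. The function names, the "******" mask string, and the sample template and environment are assumptions constructed for illustration.

```python
import copy

MASK = "******"  # assumed placeholder string for this example

# Constructed sample data: a HOT-style parameter schema and a stored environment.
TEMPLATE_PARAMETERS = {
    "db_password": {"type": "string", "hidden": True},
    "flavor": {"type": "string"},
    "api_token": {"type": "string", "hidden": True},
}
STORED_ENVIRONMENT = {
    "parameters": {"db_password": "s3cr3t-constructed", "flavor": "m1.small"},
    "parameter_defaults": {"api_token": "tok-constructed", "region": "r1"},
    "resource_registry": {},
}


def hidden_names(param_schema):
    """Names of parameters the template declares with hidden: true."""
    return {n for n, s in param_schema.items() if s.get("hidden") is True}


def get_environment_unmasked(env):
    """Behaviour described in the advisory: stored values returned as-is."""
    return copy.deepcopy(env)


def get_environment_masked(env, param_schema):
    """Return a copy of env with every hidden parameter value replaced."""
    hidden = hidden_names(param_schema)
    out = copy.deepcopy(env)  # never mutate the stored environment
    for section in ("parameters", "parameter_defaults"):
        for name in out.get(section, {}):
            if name in hidden:
                out[section][name] = MASK
    return out


def leaked_hidden(env_response, param_schema):
    """Regression check: hidden parameters whose value is not the mask."""
    hidden = hidden_names(param_schema)
    return sorted(
        name
        for section in ("parameters", "parameter_defaults")
        for name, value in env_response.get(section, {}).items()
        if name in hidden and value != MASK
    )
```

Both the parameters and parameter_defaults sections are checked because a hidden value can be supplied through either one.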