Low severityNVD Advisory· Published May 23, 2014· Updated May 6, 2026
CVE-2014-3801
CVE-2014-3801
Description
OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openstack-heatPyPI | < 5.0.0a0 | 5.0.0a0 |
Affected products
5cpe:2.3:a:openstack:heat:2013.2:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:openstack:heat:2013.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:heat:2013.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:heat:2013.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:heat:2013.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:heat:2014.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- github.com/advisories/GHSA-86qj-4h55-fvpwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-3801ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2014-1687.htmlnvdWEB
- www.openwall.com/lists/oss-security/2014/05/20/1nvdWEB
- www.openwall.com/lists/oss-security/2014/05/20/6nvdWEB
- www.ubuntu.com/usn/USN-2249-1nvdWEB
- bugs.launchpad.net/heat/+bug/1311223nvdWEB
- git.openstack.org/cgit/openstack/heat/commit/ghsaWEB
- git.openstack.org/cgit/openstack/heat/commit/ghsaWEB
- git.openstack.org/cgit/openstack/heat/commit/ghsaWEB
- web.archive.org/web/20200229061233/https://www.securityfocus.com/bid/67505ghsaWEB
- www.securityfocus.com/bid/67505nvd
News mentions
0No linked articles in our index yet.