Moderate severityNVD Advisory· Published Mar 23, 2022· Updated Aug 3, 2024
CVE-2021-4180
CVE-2021-4180
Description
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tripleo-heat-templatesPyPI | < 11.6.1 | 11.6.1 |
Affected products
2- openstack-tripleo-heat-templates/openstack-tripleo-heat-templatesdescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-hm3x-jwwf-jpr9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-4180ghsaADVISORY
- bugs.launchpad.net/tripleo/+bug/1955397ghsaWEB
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/openstack/tripleo-heat-templates/commit/160936df134a471cfd245bd60964046027a571eaghsaWEB
- github.com/openstack/tripleo-heat-templates/commit/2b9461e97fc5c4ceb0848d1cc4484f656bb85515ghsaWEB
News mentions
0No linked articles in our index yet.