PyPI package
openstack-heat
pkg:pypi/openstack-heat
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-7319 | — | | | <= 22.0.1 | — | Aug 2, 2024 | An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied. |
| CVE-2023-1625 | — | | | < 20.0.0 | 20.0.0 | Sep 24, 2023 | An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the |
| CVE-2014-3801 | — | | | < 5.0.0a0 | 5.0.0a0 | May 23, 2014 | OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list. |