VYPR

PyPI package

openstack-heat

pkg:pypi/openstack-heat

Vulnerabilities (3)

  • CVE-2024-7319Aug 2, 2024
    affected <= 22.0.1

    An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.

  • CVE-2023-1625Sep 24, 2023
    affected < 20.0.0fixed 20.0.0

    An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the

  • CVE-2014-3801May 23, 2014
    affected < 5.0.0a0fixed 5.0.0a0

    OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.