VYPR

Heat

by OpenStack

Source repositories

CVEs (7)

  • CVE-2015-5295MedJan 20, 2016
    risk 0.35cvss 5.4epss 0.03

    The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a…

  • CVE-2016-9185MedNov 4, 2016
    risk 0.28cvss 4.3epss 0.02

    In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.

  • CVE-2024-7319Aug 2, 2024
    risk 0.00cvss epss 0.00

    An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.

  • CVE-2023-1625Sep 24, 2023
    risk 0.00cvss epss 0.01

    An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of…

  • CVE-2014-3801May 23, 2014
    risk 0.00cvss epss 0.02

    OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.

  • CVE-2013-6428Dec 14, 2013
    risk 0.00cvss epss 0.02

    The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path.

  • CVE-2013-6426Dec 14, 2013
    risk 0.00cvss epss 0.01

    The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the…