VYPR

TripleO Heat Templates

by OpenStack

CVEs (8)

  • CVE-2018-10898 | High | Jul 30, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

  • CVE-2015-5271 | High | Apr 15, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to…

  • CVE-2015-5329 | High | Apr 11, 2016
    risk 0.48 | cvss 7.3 | epss 0.02

    The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging…

  • CVE-2015-5303 | High | Apr 11, 2016
    risk 0.42 | cvss 7.5 | epss 0.02

    The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

  • CVE-2017-12155 | Medium | Dec 12, 2017
    risk 0.41 | cvss 6.3 | epss 0.00

    A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker…

  • CVE-2014-0042 | Jun 2, 2014
    risk 0.00 | cvss | epss 0.01

    OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via…

  • CVE-2014-0041 | Jun 2, 2014
    risk 0.00 | cvss | epss 0.01

    OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.

  • CVE-2014-0040 | Jun 2, 2014
    risk 0.00 | cvss | epss 0.01

    OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors.