Adds OSSA-2016-013 (CVE-2016-9185)

Related-Bug: 1606500
Change-Id: I252bb88c12db7c6130864fa64a5e73d02439799d
Tristan Cacqueray 2 years ago
parent
commit
a8ca0d0e3e
1 changed files with 38 additions and 0 deletions

+ 38
- 0
ossa/OSSA-2016-013.yaml

@@ -0,0 +1,38 @@
1
+date: 2016-11-04
2
+
3
+id: OSSA-2016-013
4
+
5
+title: Network information disclosure through Heat template source URL
6
+
7
+description: >
8
+  Tom Patzig from SAP reported a vulnerability in Heat. By launching a new
9
+  Heat stack with a local URL an authenticated user may conduct network
10
+  discovery revealing internal network configuration. All Heat setup are
11
+  affected.
12
+
13
+affected-products:
14
+  - product: heat
15
+    version: "<=5.0.3, >=6.0.0 <=6.1.0 and ==7.0.0"
16
+
17
+vulnerabilities:
18
+  - cve-id: CVE-2016-9185
19
+
20
+reporters:
21
+  - name: Tom Patzig
22
+    affiliation: SAP
23
+    reported:
24
+      - CVE-2015-9185
25
+
26
+issues:
27
+  links:
28
+    - https://launchpad.net/bugs/1606500
29
+
30
+reviews:
31
+  ocata:
32
+    - https://review.openstack.org/393146
33
+  newton:
34
+    - https://review.openstack.org/393147
35
+  mitaka:
36
+    - https://review.openstack.org/393148
37
+  liberty:
38
+    - https://review.openstack.org/393149
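
Review bot: In the `reporters` entry, `reported:` lists CVE-2015-9185, while `vulnerabilities` gives `cve-id: CVE-2016-9185` and the commit title also says CVE-2016-9185. The year looks like a typo, and as written the reporter credit points at a different identifier than the one this advisory covers. Suggest changing that line to `- CVE-2016-9185` so the two sections agree. Minor wording point in `description`: "All Heat setup are affected" should read "All Heat setups are affected".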
