Adds OSSA-2016-013 (CVE-2016-9185)

Related-Bug: 1606500
Change-Id: I252bb88c12db7c6130864fa64a5e73d02439799d
Tristan Cacqueray 2016-11-04 08:27:21 +00:00
parent 5cfb949aef
commit a8ca0d0e3e
1 changed files with 38 additions and 0 deletions

ossa/OSSA-2016-013.yaml Normal file

@ -0,0 +1,38 @@
date: 2016-11-04
id: OSSA-2016-013
title: Network information disclosure through Heat template source URL
description: >
Tom Patzig from SAP reported a vulnerability in Heat. By launching a new
Heat stack with a local URL an authenticated user may conduct network
discovery revealing internal network configuration. All Heat setup are
affected.
affected-products:
- product: heat
version: "<=5.0.3, >=6.0.0 <=6.1.0 and ==7.0.0"
vulnerabilities:
- cve-id: CVE-2016-9185
reporters:
- name: Tom Patzig
affiliation: SAP
reported:
- CVE-2015-9185
issues:
links:
- https://launchpad.net/bugs/1606500
reviews:
ocata:
- https://review.openstack.org/393146
newton:
- https://review.openstack.org/393147
mitaka:
- https://review.openstack.org/393148
liberty:
- https://review.openstack.org/393149
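
Review bot: The `reported:` list under `reporters` names `CVE-2015-9185`, which does not match `cve-id: CVE-2016-9185` in the `vulnerabilities` entry or the CVE in the commit title. It looks like a typo in the year. Please change it to `CVE-2016-9185` so the reporter credit is attached to the right identifier when the advisory is rendered. Minor wording point in `description`: "All Heat setup are affected" should read "All Heat setups are affected".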