Adds OSSA-2016-013 (CVE-2016-9185)
Related-Bug: 1606500 Change-Id: I252bb88c12db7c6130864fa64a5e73d02439799d
This commit is contained in:
parent
5cfb949aef
commit
a8ca0d0e3e
|
@ -0,0 +1,38 @@
|
||||||
|
date: 2016-11-04
|
||||||
|
|
||||||
|
id: OSSA-2016-013
|
||||||
|
|
||||||
|
title: Network information disclosure through Heat template source URL
|
||||||
|
|
||||||
|
description: >
|
||||||
|
Tom Patzig from SAP reported a vulnerability in Heat. By launching a new
|
||||||
|
Heat stack with a local URL an authenticated user may conduct network
|
||||||
|
discovery revealing internal network configuration. All Heat setup are
|
||||||
|
affected.
|
||||||
|
|
||||||
|
affected-products:
|
||||||
|
- product: heat
|
||||||
|
version: "<=5.0.3, >=6.0.0 <=6.1.0 and ==7.0.0"
|
||||||
|
|
||||||
|
vulnerabilities:
|
||||||
|
- cve-id: CVE-2016-9185
|
||||||
|
|
||||||
|
reporters:
|
||||||
|
- name: Tom Patzig
|
||||||
|
affiliation: SAP
|
||||||
|
reported:
|
||||||
|
- CVE-2015-9185
|
||||||
|
|
||||||
|
issues:
|
||||||
|
links:
|
||||||
|
- https://launchpad.net/bugs/1606500
|
||||||
|
|
||||||
|
reviews:
|
||||||
|
ocata:
|
||||||
|
- https://review.openstack.org/393146
|
||||||
|
newton:
|
||||||
|
- https://review.openstack.org/393147
|
||||||
|
mitaka:
|
||||||
|
- https://review.openstack.org/393148
|
||||||
|
liberty:
|
||||||
|
- https://review.openstack.org/393149
|
Loading…
Reference in New Issue