date: 2014-05-23

id: OSSA-2014-016

title: 'Heat template URL information leakage'

description: 'Jason Dunsmore from Rackspace reported a vulnerability in Heat. An authenticated
  user may temporarily see the URL of a provider template used in another tenant by
  listing heat resources types. This may result in disclosure of additional information
  if the template itself can be accessed. The URL disappears from the listing after
  a certain point in the stack creation. All Heat setups are affected.'

reference: http://lists.openstack.org/pipermail/openstack-announce/2014-May/000232.html

affected-products:

  - product: heat
    version: 2013.2 to 2013.2.3, and 2014.1

vulnerabilities:

  - cve-id: CVE-2014-3801
    impact-assessment:
      source: 'Red Hat Product Security'
      rating: moderate
      assessment:
        type: CVSS2
        score: 4
        detail: AV:N/AC:L/Au:S/C:P/I:N/A:N
    classification:
      source: 'Red Hat Product Security'
      type: CWE
      detail: TODO

reporters:

  - name: 'Jason Dunsmore'
    affiliation: Rackspace
    reported:
      - CVE-2014-3801

issues:

  links:
    - https://launchpad.net/bugs/1311223

  type: launchpad

reviews:

  juno:
    - https://review.openstack.org/#/c/89695

  icehouse:
    - https://review.openstack.org/#/c/94625

  havana:
    - https://review.openstack.org/#/c/94644

  type: gerrit