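# Security advisory record OSSA-2016-013 for OpenStack Heat.
# Summary (from the description below): an authenticated user can pass a
# local URL as a stack's template source and use the result to map the
# internal network.

# Left unquoted: YAML 1.1 loaders resolve this scalar to a date, not a string.
date: 2016-11-04

id: OSSA-2016-013

title: Network information disclosure through Heat template source URL

description: >
  Tom Patzig from SAP reported a vulnerability in Heat. By launching a new
  Heat stack with a local URL an authenticated user may conduct network
  discovery revealing internal network configuration. All Heat setup are
  affected.

affected-products:
  - product: heat
    # Three affected ranges: up to 5.0.3, 6.0.0 through 6.1.0, and 7.0.0.
    # Quoted because the value starts with a YAML-significant character.
    version: "<=5.0.3, >=6.0.0 <=6.1.0 and ==7.0.0"

vulnerabilities:
  - cve-id: CVE-2016-9185

reporters:
  - name: Tom Patzig
    affiliation: SAP
    reported:
      # Corrected from CVE-2015-9185: the reporter entry has to name the
      # cve-id listed under `vulnerabilities`, and this advisory (dated
      # 2016) lists only CVE-2016-9185.
      - CVE-2016-9185

issues:
  links:
    - https://launchpad.net/bugs/1606500

# One review link per release branch -- presumably the fix for that branch;
# confirm against the linked reviews before relying on them for patching.
reviews:
  ocata:
    - https://review.openstack.org/393146

  newton:
    - https://review.openstack.org/393147

  mitaka:
    - https://review.openstack.org/393148

  liberty:
    - https://review.openstack.org/393149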