Описание
An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| heat | unfixed | package | ||
| heat | not-affected | bullseye | package |
Примечания
https://storyboard.openstack.org/#!/story/2011007
Negligible security impact
Requires the 'Abandon' feature to be enabled (disabled by default) and a fix
would break the 'Adopt' feature. Issue can be fixed by dropping completely
the abandon and adopt code.
EPSS
Связанные уязвимости
An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.
An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.
An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.
openstack-heat may disclose sensitive information
EPSS