CVE-2016-9185

Published: 03 Nov 2016
Source: redhat
CVSS3: 3.5
CVSS2: 2.3
EPSS: Low

Description

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.

An information-leak vulnerability was found in the OpenStack Orchestration (heat) service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | openstack-heat | Will not fix | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | openstack-heat | Will not fix | | |
| Red Hat OpenStack Platform 10 (Newton) | openstack-heat | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | openstack-heat | Fixed | RHSA-2017:1450 | 14.06.2017 |
| Red Hat OpenStack Platform 8.0 (Liberty) | openstack-heat | Fixed | RHSA-2017:1456 | 14.06.2017 |
| Red Hat OpenStack Platform 9.0 (Mitaka) | openstack-heat | Fixed | RHSA-2017:1464 | 14.06.2017 |

Additional information

Status:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1391895 openstack-heat: Template source URL allows network port scan

EPSS

Percentile: 66%
0.00527
Low

3.5 Low

CVSS3

2.3 Low

CVSS2

Related vulnerabilities

CVSS3: 4.3
ubuntu
about 9 years ago

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.

CVSS3: 4.3
nvd
about 9 years ago

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.

CVSS3: 4.3
debian
about 9 years ago

In OpenStack Heat, by launching a new Heat stack with a local URL an a ...

CVSS3: 4.3
github
more than 3 years ago

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.
