Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-4180

Опубликовано: 20 дек. 2021
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenStack Platform 13 (Queens)openstack-tripleo-heat-templatesOut of support scope
Red Hat OpenStack Platform 13 (Queens)openstack-tripleo-heat-templates-compatOut of support scope
Red Hat OpenStack Platform 16.1openstack-tripleo-heat-templatesFixedRHSA-2022:879607.12.2022
Red Hat OpenStack Platform 16.2openstack-tripleo-heat-templatesFixedRHSA-2022:099523.03.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2035793openstack-tripleo-heat-templates: data leak of internal URL through keystone_authtoken

EPSS

Процентиль: 38%
0.00167
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-4180

CVSS3: 4.3
ubuntu
почти 4 года назад

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.

nvd логотип

CVE-2021-4180

CVSS3: 4.3
nvd
почти 4 года назад

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.

debian логотип

CVE-2021-4180

CVSS3: 4.3
debian
почти 4 года назад

An information exposure flaw in openstack-tripleo-heat-templates allow ...

github логотип

GHSA-hm3x-jwwf-jpr9

CVSS3: 4.3
github
почти 4 года назад

Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates

EPSS

Процентиль: 38%
0.00167
Низкий

4.3 Medium

CVSS3