Description
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.
Report
While this flaw leaks a password, which could reduce confidentiality, integrity, and availability, the impact to this triad is rated low. This is because OpenStack cannot be more broadly compromised, for two reasons:
a) The host has separate authorization authority from the guest virtual machine.
b) The guest virtual machines that are configured by different stack configurations cannot be compromised.
Therefore the overall impact of the flaw is rated Moderate.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 13 (Queens) | openstack-heat | Out of support scope | | |
| Red Hat OpenStack Platform 16.1 | openstack-heat | Will not fix | | |
| Red Hat OpenStack Platform 16.2 | openstack-heat | Will not fix | | |
| Red Hat OpenStack Platform 17.0 | openstack-heat | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 7.4 High