Description
An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.
Report
While this flaw leaks a password, which could reduce confidentiality, integrity, and availability, the impact to this triad is rated Low. This is because OpenStack cannot be more broadly compromised, for two reasons: a) the host has separate authorization authority from the guest virtual machine; b) the guest virtual machines that are configured by different stack configurations cannot be compromised. Therefore, the overall impact of the flaw is rated Moderate.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 13 (Queens) | openstack-heat | Out of support scope | | |
| Red Hat OpenStack Platform 16.1 | openstack-heat | Will not fix | | |
| Red Hat OpenStack Platform 16.2 | openstack-heat | Will not fix | | |
| Red Hat OpenStack Platform 17.0 | openstack-heat | Affected | | |
Additional information
Status:
EPSS
CVSS3: 5 Medium
Related vulnerabilities
openstack-heat may disclose sensitive information