Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04NnFqLTRoNTUtZnZwd84AAX1a
OpenStack Heat template URL information leakage
OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.
Permalink: https://github.com/advisories/GHSA-86qj-4h55-fvpwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04NnFqLTRoNTUtZnZwd84AAX1a
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 2 years ago
Updated: 5 months ago
Identifiers: GHSA-86qj-4h55-fvpw, CVE-2014-3801
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-3801
- https://bugs.launchpad.net/heat/+bug/1311223
- http://rhn.redhat.com/errata/RHSA-2014-1687.html
- http://www.openwall.com/lists/oss-security/2014/05/20/1
- http://www.openwall.com/lists/oss-security/2014/05/20/6
- http://www.ubuntu.com/usn/USN-2249-1
- https://git.openstack.org/cgit/openstack/heat/commit/?id=03dd894de4ad905dc170e358fad27d9c8ed62a73
- https://git.openstack.org/cgit/openstack/heat/commit/?id=7e114a38712da8947ee7ad93eabda34f5e4aa65a
- https://git.openstack.org/cgit/openstack/heat/commit/?id=a02ff20509171346d2a1d2a9df7c81aada134c52
- https://web.archive.org/web/20200229061233/https://www.securityfocus.com/bid/67505/
- https://github.com/advisories/GHSA-86qj-4h55-fvpw
Affected Packages
pypi:openstack-heat
Dependent packages: 0Dependent repositories: 11
Downloads: 4,197 last month
Affected Version Ranges: < 5.0.0a0
Fixed in: 5.0.0a0
All affected versions:
All unaffected versions: 11.0.2, 11.0.3, 12.0.0, 12.1.0, 12.2.0, 13.0.0, 13.0.1, 13.0.2, 13.1.0, 14.0.0, 14.1.0, 14.2.0, 15.0.0, 15.1.0, 16.0.0, 16.1.0, 17.0.0, 17.0.1, 17.0.2, 18.0.0, 18.0.1, 19.0.0, 19.0.1, 19.0.2, 20.0.0, 20.0.1, 21.0.0, 22.0.0