Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 15 results


CVE-2024-7319

Medium priority
Vulnerable

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.

1 affected packages

heat

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
heat Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2023-1625

Medium priority

Some fixes available 3 of 5

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the...

1 affected packages

heat

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
heat Not affected Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2021-3585

Medium priority
Needs evaluation

A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.

1 affected packages

tripleo-heat-templates

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tripleo-heat-templates Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2021-4180

Medium priority
Needs evaluation

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to...

1 affected packages

tripleo-heat-templates

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tripleo-heat-templates Needs evaluation Needs evaluation
Show less packages

CVE-2018-10898

Low priority
Needs evaluation

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

1 affected packages

tripleo-heat-templates

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tripleo-heat-templates Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2017-2621

Medium priority
Ignored

An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to...

1 affected packages

heat

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
heat Not affected
Show less packages

CVE-2017-12155

Medium priority
Needs evaluation

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph...

1 affected packages

tripleo-heat-templates

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tripleo-heat-templates Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2017-15114

Medium priority
Needs evaluation

When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows...

1 affected packages

tripleo-heat-templates

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tripleo-heat-templates Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2016-9185

Low priority
Ignored

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.

1 affected packages

heat

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
heat Not affected Not affected
Show less packages

CVE-2015-5271

Medium priority
Ignored

The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is...

1 affected packages

tripleo-heat-templates

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tripleo-heat-templates Not affected Not affected
Show less packages