OSSA-2016-013: Network information disclosure through Heat template source URL
November 04, 2016
Heat: <=5.0.3, >=6.0.0 <=6.1.0 and ==7.0.0
Tom Patzig from SAP reported a vulnerability in Heat. By launching a new Heat stack with a local URL, an authenticated user may conduct network discovery, revealing internal network configuration. All Heat setups are affected.
Tom Patzig from SAP (CVE-2015-9185)
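
One way a deployment could vet a user-supplied template source URL before fetching it, shown as an added example; it is not Heat's code and not the fix shipped for this advisory. The function names, the scheme allow-list and the DNS answers are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: operator policy, not Heat's

# Constructed DNS answers so the example runs offline.
CONSTRUCTED_DNS = {
    "templates.example.org": ["93.184.216.34"],
    "intranet.example.org": ["10.0.0.5"],
    "mixed.example.org": ["93.184.216.34", "127.0.0.1"],
}


def constructed_resolver(host, port):
    """Offline stand-in for DNS; IP literals resolve to themselves."""
    return CONSTRUCTED_DNS.get(host, [host])


def system_resolver(host, port):
    """Every address the name resolves to, using the system resolver."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_template_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a user-supplied template source URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    try:
        host, port = parts.hostname, parts.port
    except ValueError:
        return False, "invalid port"
    if not host:
        return False, "no host in URL"
    try:
        addresses = resolver(host, port or (443 if scheme == "https" else 80))
    except OSError:
        return False, "host did not resolve"
    if not addresses:
        return False, "host did not resolve"
    for text in addresses:
        addr = ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
        # is_global is False for loopback, RFC 1918, link-local and similar.
        if not addr.is_global:
            return False, "resolves to non-public address"
    return True, "ok"
```

The fetch itself has to connect to one of the vetted addresses and repeat the check after any redirect; otherwise a second DNS lookup or a redirect can still reach an internal host.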