OSSA-2016-013: Network information disclosure through Heat template source URL

Date: November 04, 2016
CVE: CVE-2016-9185

Affects

  • Heat: <=5.0.3, >=6.0.0 <=6.1.0 and ==7.0.0

Description

Tom Patzig from SAP reported a vulnerability in Heat. By launching a new Heat stack with a local URL, an authenticated user may conduct network discovery, revealing internal network configuration. All Heat setups are affected.

Credits

  • Tom Patzig from SAP (CVE-2016-9185)

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.