OSSA-2016-013: Network information disclosure through Heat template source URL

Date:November 04, 2016
CVE:CVE-2016-9185

Affects

  • Heat: <=5.0.3, >=6.0.0 <=6.1.0 and ==7.0.0

Description

Tom Patzig from SAP reported a vulnerability in Heat. By launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. All Heat setup are affected.

Credits

  • Tom Patzig from SAP (CVE-2015-9185)