CVE-2016-9185 – openstack-heat: Template source URL allows network port scan
https://notcve.org/view.php?id=CVE-2016-9185
In OpenStack Heat, by launching a new Heat stack with a local URL, an authenticated user may conduct network discovery, revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0. An information-leak vulnerability was found in the OpenStack Orchestration (heat) service.
• http://www.securityfocus.com/bid/94205
• https://access.redhat.com/errata/RHSA-2017:1450
• https://access.redhat.com/errata/RHSA-2017:1456
• https://access.redhat.com/errata/RHSA-2017:1464
• https://bugs.launchpad.net/ossa/+bug/1606500
• https://access.redhat.com/security/cve/CVE-2016-9185
• https://bugzilla.redhat.com/show_bug.cgi?id=1391895
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5303 – python-rdomanager-oscplugin: NeutronMetadataProxySharedSecret parameter uses default value
https://notcve.org/view.php?id=CVE-2015-5303
The TripleO Heat templates (tripleo-heat-templates), when deployed via the command-line interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter. It was discovered that Director's NeutronMetadataProxySharedSecret parameter remained specified at the default value of 'unset'. This value is used by OpenStack Networking to sign instance headers; if unchanged, an attacker knowing the shared secret could use this flaw to spoof OpenStack Networking metadata requests.
• https://access.redhat.com/errata/RHSA-2015:2650
• https://bugs.launchpad.net/tripleo/+bug/1516027
• https://access.redhat.com/security/cve/CVE-2015-5303
• https://bugzilla.redhat.com/show_bug.cgi?id=1272297
• CWE-254: 7PK - Security Features
CVE-2015-5271 – openstack-tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware
https://notcve.org/view.php?id=CVE-2015-5271
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors. A flaw was discovered in the pipeline ordering of OpenStack Object Storage's staticweb middleware in the swiftproxy configuration generated from the openstack-tripleo-heat-templates package (OpenStack director). The staticweb middleware was incorrectly configured before the Identity Service, and under some conditions an attacker could use this flaw to gain unauthenticated access to private data.
• https://access.redhat.com/errata/RHSA-2015:1862
• https://bugs.launchpad.net/tripleo/+bug/1494896
• https://bugzilla.redhat.com/show_bug.cgi?id=1261697
• https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch
• https://access.redhat.com/security/cve/CVE-2015-5271
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-285: Improper Authorization
CVE-2014-3801 – openstack-heat: authenticated information leak in Heat
https://notcve.org/view.php?id=CVE-2014-3801
OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list. It was discovered that a user could temporarily be able to see the URL of a provider template used in another tenant. If the template itself could be accessed, then additional information could be leaked that would otherwise not be visible.
• http://rhn.redhat.com/errata/RHSA-2014-1687.html
• http://www.openwall.com/lists/oss-security/2014/05/20/1
• http://www.openwall.com/lists/oss-security/2014/05/20/6
• http://www.securityfocus.com/bid/67505
• http://www.ubuntu.com/usn/USN-2249-1
• https://bugs.launchpad.net/heat/+bug/1311223
• https://access.redhat.com/security/cve/CVE-2014-3801
• https://bugzilla.redhat.com/show_bug.cgi?id=1099748
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-6426 – Heat: CFN policy rules not all enforced
https://notcve.org/view.php?id=CVE-2013-6426
The CloudFormation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.
• http://rhn.redhat.com/errata/RHSA-2014-0090.html
• http://www.openwall.com/lists/oss-security/2013/12/11/9
• http://www.securityfocus.com/bid/64243
• https://bugs.launchpad.net/heat/+bug/1256049
• https://exchange.xforce.ibmcloud.com/vulnerabilities/89658
• https://access.redhat.com/security/cve/CVE-2013-6426
• https://bugzilla.redhat.com/show_bug.cgi?id=1039141
• CWE-264: Permissions, Privileges, and Access Controls