
CVE-2017-2621 – openstack-heat: /var/log/heat/ is world readable
https://notcve.org/view.php?id=CVE-2017-2621
18 May 2017 — An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. • http://www.securityfocus.com/bid/96280 • CWE-532: Insertion of Sensitive Information into Log File • CWE-552: Files or Directories Accessible to External Parties •

CVE-2016-9185 – openstack-heat: Template source URL allows network port scan
https://notcve.org/view.php?id=CVE-2016-9185
04 Nov 2016 — In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0. An information-leak vulnerability was found in the OpenS... • http://www.securityfocus.com/bid/94205 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2014-3801 – openstack-heat: authenticated information leak in Heat
https://notcve.org/view.php?id=CVE-2014-3801
23 May 2014 — OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list. It was discovered ... • http://rhn.redhat.com/errata/RHSA-2014-1687.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2013-6426 – Heat: CFN policy rules not all enforced
https://notcve.org/view.php?id=CVE-2013-6426
14 Dec 2013 — The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method. • http://rhn.redhat.com/errata/RHSA-2014-0090.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2013-6428 – Heat: ReST API doesn't respect tenant scoping
https://notcve.org/view.php?id=CVE-2013-6428
14 Dec 2013 — The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path. The openstack-heat pac... • http://rhn.redhat.com/errata/RHSA-2014-0090.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2009-3642 – HEAT Call Logging 8.01 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3642
09 Oct 2009 — Multiple SQL injection vulnerabilities in the Call Logging feature in FrontRange HEAT 8.01 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. • https://www.exploit-db.com/exploits/9809 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •