CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3801 – openstack-heat: authenticated information leak in Heat
https://notcve.org/view.php?id=CVE-2014-3801
23 May 2014 — OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list. OpenStack Orchestration API (Heat) 2013.2 hasta 2013.2.3 y 2014.1, cuando crea la pila para una plantilla que utiliza una plantilla de proveedor, permite a usuarios remotos autenticados obtener la URL de plantilla de proveedor a través de resource-type-list. It was discovered ... • http://rhn.redhat.com/errata/RHSA-2014-1687.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-6426 – Heat: CFN policy rules not all enforced
https://notcve.org/view.php?id=CVE-2013-6426
14 Dec 2013 — The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method. El API compatible con CloudFormation en API OpenStack orquestación (Heat) antes de Habana 2013.2.1 y anterior a Icehouse Icehouse-2 no aplica correctamente las reglas de ... • http://rhn.redhat.com/errata/RHSA-2014-0090.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-6428 – Heat: ReST API doesn't respect tenant scoping
https://notcve.org/view.php?id=CVE-2013-6428
14 Dec 2013 — The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path. La API ReST en API OpenStack Orchestration API (Heat) anterior de a Habana 2013.2.1 y Icehouse anterior a Icehouse-2 permite a usuarios remotos autenticados eludir la restricciones de uso de inquilinos a través de un tenant_id modificado en la ruta de solicitud. The openstack-heat pac... • http://rhn.redhat.com/errata/RHSA-2014-0090.html • CWE-264: Permissions, Privileges, and Access Controls •