CVE-2021-3585
https://notcve.org/view.php?id=CVE-2021-3585
A flaw was found in openstack-tripleo-heat-templates. Plaintext passwords from RHSM (Red Hat Subscription Management) are written to the logs during an OSP13 deployment that uses subscription-manager.
References: https://access.redhat.com/security/cve/CVE-2021-3585 https://bugs.launchpad.net/tripleo/+bug/1931132 https://bugzilla.redhat.com/show_bug.cgi?id=1961709 https://bugzilla.redhat.com/show_bug.cgi?id=1968247 https://review.opendev.org/c/openstack/tripleo-heat-templates/+/791988
Weaknesses: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-312: Cleartext Storage of Sensitive Information
CVE-2021-4180 – openstack-tripleo-heat-templates: data leak of internal URL through keystone_authtoken
https://notcve.org/view.php?id=CVE-2021-4180
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover an internal IP address or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This reveals sensitive information that may aid further exploitation of the system. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.
References: https://bugzilla.redhat.com/show_bug.cgi?id=2035793 https://access.redhat.com/security/cve/CVE-2021-4180
Weaknesses: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-668: Exposure of Resource to Wrong Sphere
CVE-2018-10898 – openstack-tripleo-heat-templates: Default ODL deployment uses hard coded administrative credentials
https://notcve.org/view.php?id=CVE-2018-10898
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director with the default configuration, OpenDaylight in RHOSP13 is configured with easily guessable default credentials.
References: https://access.redhat.com/errata/RHSA-2018:2214 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10898 https://access.redhat.com/security/cve/CVE-2018-10898 https://bugzilla.redhat.com/show_bug.cgi?id=1600360
Weaknesses: CWE-798: Use of Hard-coded Credentials