Vulnerabilities for Tripleo heat templates (...) - CXSECURITY.COM

Vulnerabilities for 'Tripleo heat templates'

2022-03-23

CVE-2021-4180

CWE-200

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.

2018-07-30

CVE-2018-10898

CWE-798

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

2016-04-15

CVE-2015-5271

The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

2016-04-11

CVE-2015-5303

The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

>>> Vendor: Openstack 55 Products

Compute (nova) essex

Compute (nova) folsom

Python glanceclient

Python-keystoneclient

Image registry and delivery service (glance)

Telemetry (ceilometer)

Keystonemiddleware

Ironic inspector

Tripleo heat templates

Murano-dashboard

Python-muranoclient

Cloud magnum orchestration

Instack-undercloud

Oslo.middleware

Ironic-inspector

Copyright 2024, cxsecurity.com