OpenStack · OpenStack Orchestration (Heat) Service · CVE-2017-2621
Name of the Vulnerable Software and Affected Versions:
OpenStack Orchestration (heat) service versions prior to 8.0.0
OpenStack Orchestration (heat) service version 6.1.0
OpenStack Orchestration (heat) service version 7.0.2
Description:
An access-control flaw was found in the OpenStack Orchestration (heat) service where a service log directory was improperly made world-readable. A malicious system user could exploit this flaw to access sensitive information.
Recommendations:
For versions prior to 8.0.0, update to version 8.0.0 or later to resolve the issue.
For version 6.1.0, update to a version later than 6.1.0 to resolve the issue.
For version 7.0.2, update to a version later than 7.0.2 to resolve the issue.
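To confirm whether a host is exposed to the world-readable log directory described above, and to verify the permissions after updating, the following check can be used. It is an added example, not code from the advisory or from OpenStack; the directory is passed as an argument because the advisory does not name the path, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit a service log directory for permissions granted to "other".
# The directory is an argument because the advisory does not name the path.

# Print every entry under DIR (DIR included) that any local user can read,
# write or traverse. Returns 0 if clean, 1 on findings, 2 if DIR is missing.
audit_log_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # -perm -NNN matches when all listed bits are set; test each "other" bit.
    # Symlinks are skipped: their own mode is not what access checks use.
    findings=$(find "$dir" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Strip all "other" access from DIR and its contents.
# Owner and group bits are left untouched so the service can keep writing logs.
harden_log_dir() {
    chmod -R o-rwx "$1"
}

# Stand-alone use: sh audit.sh <log-directory>
if [ "$#" -gt 0 ]; then
    audit_log_dir "$1"
fi
```

Tightening the mode with `harden_log_dir` does not replace the update recommended above; run the audit again after upgrading to confirm the directory is no longer accessible to other local users.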