Tom Patzig

**Name of the Vulnerable Software and Affected Versions** OpenStack Heat versions prior to 5.0.4 OpenStack Heat versions 6.0.0 through 6.1.0 OpenStack Heat version 7.0.0 **Description** The issue allows an authenticated user to conduct network discovery, potentially revealing internal network configuration, by launching a new Heat stack with a local URL. **Recommendations** For OpenStack Heat versions prior to 5.0.4, update to version 5.0.4 or later. For OpenStack Heat versions 6.0.0 through 6.1.0, update to version 6.1.1 or later. For OpenStack Heat version 7.0.0, update to a version later than 7.0.0.