PT-2016-7685 · Openstack · Openstack Heat

Tom Patzig

Publicado

2016-11-04

Atualizado

2018-01-05

CVE-2016-9185

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenStack Heat versions prior to 5.0.4 OpenStack Heat versions 6.0.0 through 6.1.0 OpenStack Heat version 7.0.0

Description The issue allows an authenticated user to conduct network discovery, potentially revealing internal network configuration, by launching a new Heat stack with a local URL.

Recommendations For OpenStack Heat versions prior to 5.0.4, update to version 5.0.4 or later. For OpenStack Heat versions 6.0.0 through 6.1.0, update to version 6.1.1 or later. For OpenStack Heat version 7.0.0, update to a version later than 7.0.0.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2016-9185

RHSA-2017:1450

RHSA-2017:1456

RHSA-2017:1464

Produtos afetados

Openstack Heat

PT-2016-7685 · Openstack · Openstack Heat

CVE-2016-9185

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12