PT-2023-17127 · Openstack+3 · Openstack Heat+3

Alejandro Santoyo Gonzalez

Publicado

2023-03-27

Atualizado

2024-09-24

CVE-2023-1625

CVSS v3.1

7.4

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions OpenStack heat (affected versions not specified)

Description An information leak was discovered in OpenStack heat, allowing a remote, authenticated attacker to use the 'stack show' command to reveal parameters that are supposed to remain hidden. This issue has a low impact on the confidentiality, integrity, and availability of the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-202

Identificadores relacionados

CVE-2023-1625

GHSA-5836-GRCC-8J89

SUSE-SU-2023:2378-1

SUSE-SU-2023:2379-1

USN-6066-1

USN-6293-1

Produtos afetados

Debian

Linuxmint

Openstack Heat

Ubuntu

PT-2023-17127 · Openstack+3 · Openstack Heat+3

CVE-2023-1625

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 32