PT-2016-3680 · Openstack · Openstack Orchestration Api

Steven Hardy · Published 2016-01-20 · Updated 2023-02-13 · CVE-2015-5295

CVSS v2.0: 5.5 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

OpenStack Orchestration API (Heat) versions prior to 2015.1.3
OpenStack Orchestration API (Heat) versions 5.0.x prior to 5.0.1

Description

The issue allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template. This can be demonstrated by using the file:///dev/zero resource type in a template.

Recommendations

For versions prior to 2015.1.3, update to version 2015.1.3 or later.
For versions 5.0.x prior to 5.0.1, update to version 5.0.1 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2015-5295
RHSA-2016:0266
RHSA-2016:0440
RHSA-2016:0441
RHSA-2016:0442

Affected Products

Openstack Orchestration Api