CVE-2021-4180

Name of the Vulnerable Software and Affected Versions openstack-tripleo-heat-templates versions prior to 11.6.1

Description An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www authenticate uri parameter in configuration files, which is visible to all end users. This would give sensitive information that may aid in additional system exploitation.

Recommendations For versions prior to 11.6.1, update to version 11.6.1 or apply the patch available on the master branch to resolve the issue. As a temporary workaround, consider restricting access to configuration files that contain the www authenticate uri parameter to minimize the risk of exploitation.