CVE-2014-3801 — Sensitive Information Exposure in Heat

CWE-200 — Sensitive Information Exposure10 documents8 sources

Severity

3.5LOWNVD

EPSS

0.4%

top 37.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Heat

Timeline

PublishedMay 23

Latest updateMay 14

Description

OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶Debianopenstack/heat< 2014.1-4+3

▶NVDopenstack/heat5 versions+4

🔴Vulnerability Details

GHSA

OpenStack Heat template URL information leakage↗2022-05-14

▶

OSV

OpenStack Heat template URL information leakage↗2022-05-14

▶

OSV

CVE-2014-3801: OpenStack Orchestration API (Heat) 2013↗2014-05-23

▶

CVEList

CVE-2014-3801: OpenStack Orchestration API (Heat) 2013↗2014-05-23

▶

📋Vendor Advisories

Ubuntu

OpenStack Heat vulnerability↗2014-06-18

▶

Red Hat

openstack-heat: authenticated information leak in Heat↗2014-04-23

▶

Debian

CVE-2014-3801: heat - OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when crea...↗2014

▶

💬Community

Bugzilla

CVE-2014-3801 openstack-heat: authenticated information leak in Heat↗2014-05-21

▶

Bugzilla

CVE-2014-3801 openstack-heat: authenticated information leak in Heat [fedora-all]↗2014-05-21

▶