CVE-2021-4180

CWE-200Information ExposureCWE-668Exposure to Wrong Sphere6 documents5 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 62.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Openstack Tripleo Heat TemplatesRedhat Openstack
Timeline
PublishedMar 23
Latest updateMar 24

Description

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5openstack-tripleo-heat-templatesopenstack-tripleo-heat-templates versions prior to 11.6.1
PyPItripleo-heat-templates< 11.6.1
NVDredhat/openstack13, 16.1, 16.2+2

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

4
GHSA
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates2022-03-24
OSV
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates2022-03-24
OSV
CVE-2021-4180: An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname2022-03-23
CVEList
CVE-2021-4180: An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname2022-03-23

📋Vendor Advisories

1
Red Hat
openstack-tripleo-heat-templates: data leak of internal URL through keystone_authtoken2021-12-20
CVE-2021-4180 (MEDIUM CVSS 4.3) | An information exposure flaw in ope | cvebase.io