Description: An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Exploitability: 3.1 | Impact: 3.7
Attack Vector: Network
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: Low
Affected Packages (3 packages): Debian heat < 1:19.0.0-2 (+2 more)
Vulnerability Details (6, 1 more not shown)
OSV | f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages() | 2025-12-24
GHSA | openstack-heat may disclose sensitive information | 2024-08-02
CVEList | Information leak in api | 2023-09-24
OSV | OpenStack Heat information leak vulnerability | 2023-09-24
GHSA | OpenStack Heat information leak vulnerability | 2023-09-24
Vendor Advisories (5)
Red Hat | kernel: f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages() | 2025-12-24
Red Hat | openstack-heat: Incomplete fix for CVE-2023-1625 | 2024-07-31
Ubuntu | OpenStack Heat vulnerability | 2023-08-16
Red Hat | openstack-heat: information leak in API | 2023-01-27
Debian | CVE-2023-1625: heat - An information leak was discovered in OpenStack heat. This issue could allow a r... | 2023