CVE-2023-1625
published 2024-08-02CVE-2023-1625: An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command…
medium5CVSS 3.1
AVNACLPRLUINSCCLINAN
An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | heat | < heat 1:19.0.0-2 (bookworm) | heat 1:19.0.0-2 (bookworm) |
| debian | heat | — | — |
| juniper | junos_os | — | — |
| linux | linux_kernel | >= 5.11.0 < 5.15.111 | 5.15.111 |
| linux | linux_kernel | >= 5.16.0 < 6.1.28 | 6.1.28 |
| linux | linux_kernel | >= 5.6.0 < 5.10.180 | 5.10.180 |
| linux | linux_kernel | >= 6.2.0 < 6.2.15 | 6.2.15 |
| linux | linux_kernel | >= 6.3.0 < 6.3.2 | 6.3.2 |
| openstack | heat | >= 0 < 1:19.0.0-2 | 1:19.0.0-2 |
| openstack | heat | >= 0 < 1:19.0.0-2 | 1:19.0.0-2 |
| openstack | heat | >= 0 < 1:19.0.0-2 | 1:19.0.0-2 |
| redhat | openstack_platform | — | — |
| redhat | openstack_platform | — | — |
| redhat | openstack_platform | — | — |
| redhat | openstack_platform | — | — |
CVSS provenance
nvdv3.15.0MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
ghsa5.0MEDIUM
osv5.0MEDIUM