CVE-2024-7319 — Sensitive Information Exposure in Redhat Openstack Platform

CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

5.0MEDIUMNVD

CNA7.4

EPSS

0.4%

top 39.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openstack Platform

Timeline

PublishedAug 2

Description

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 3.1 | Impact: 1.4

Affected Packages1 packages

▶NVDredhat/openstack_platform4 versions+3

🔴Vulnerability Details

GHSA

openstack-heat may disclose sensitive information↗2024-08-02

▶

CVEList

Openstack-heat: incomplete fix for cve-2023-1625↗2024-08-02

▶

OSV

CVE-2024-7319: An incomplete fix for CVE-2023-1625 was found in openstack-heat↗2024-08-02

▶

OSV

openstack-heat may disclose sensitive information↗2024-08-02

▶

📋Vendor Advisories

Red Hat

openstack-heat: Incomplete fix for CVE-2023-1625↗2024-07-31

▶

Debian

CVE-2024-7319: heat - An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive infor...↗2024

▶