Openstack Tripleo Heat Templates vulnerabilities
3 known vulnerabilities affecting openstack/tripleo_heat_templates.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2021-3585MEDIUMCVSS 5.5fixed in 8.4.12022-08-26
CVE-2021-3585 [MEDIUM] CWE-200 CVE-2021-3585: A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs du
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
nvd
CVE-2021-4180MEDIUMCVSS 4.3fixed in 11.6.12022-03-23
CVE-2021-4180 [MEDIUM] CWE-200 CVE-2021-4180: An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation
nvd
CVE-2018-10898HIGHCVSS 8.8fixed in 8.0.2-402018-07-30
CVE-2018-10898 [HIGH] CWE-798 CVE-2018-10898: A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.
nvd