CVE-2014-3801CVE-2014-3801

Affected configuration(s):

cpe:/a:openstack:heat:2013.2
cpe:/a:openstack:heat:2013.2.1
cpe:/a:openstack:heat:2013.2.2
cpe:/a:openstack:heat:2013.2.3
cpe:/a:openstack:heat:2014.1

Date published: 2014-05-23T10:55:11.773-04:00

Date last modified: 2014-11-05T03:24:05.257-05:00

CVSS Score: 3.5

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://rhn.redhat.com/errata/RHSA-2014-1687.html

Summary: OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.