Skip to main content

Heat

6 CVEs product

Monthly

CVE-2024-7319 PyPI MEDIUM This Month

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Heat Openstack Platform
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2023-1625 PyPI MEDIUM POC PATCH This Month

An information leak was discovered in OpenStack heat. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Heat Openstack Platform
NVD GitHub
CVSS 3.1
5.0
EPSS
0.7%
CVE-2016-9185 MEDIUM This Month

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Heat
NVD
CVSS 3.0
4.3
EPSS
0.5%
CVE-2014-3801 PyPI LOW PATCH Monitor

OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Heat
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2013-6428 MEDIUM POC This Month

The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Heat
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-6426 MEDIUM POC This Month

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Heat
NVD
CVSS 2.0
4.0
EPSS
0.3%
EPSS 0% CVSS 5.0
MEDIUM This Month

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Heat Openstack Platform
NVD
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

An information leak was discovered in OpenStack heat. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Heat Openstack Platform
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Heat
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Heat
NVD
EPSS 0% CVSS 4.0
MEDIUM POC This Month

The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Heat
NVD
EPSS 0% CVSS 4.0
MEDIUM POC This Month

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Heat
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy