Информационная безопасность
[RU] switch to English


Дополнительная информация

  Многочисленные уязвимости безопасности в OpenStack

  [USN-2248-1] OpenStack Cinder vulnerability

  [USN-2247-1] OpenStack Nova vulnerabilities

  [oss-security] [OSSA 2014-017] Nova VMWare driver leaks rescued images (CVE-2014-
2573)

  [oss-security] CVE request for vulnerability in OpenStack Neutron

From:Tristan Cacqueray <tristan.cacqueray_(at)_enovance.com>
Date:19 июня 2014 г.
Subject:[oss-security] CVE request for vulnerability in OpenStack Heat



A vulnerability was discovered in OpenStack (see below). In order to
ensure full traceability, we need a CVE number assigned that we can
attach to further notifications. This issue is already public, although
an advisory was not sent yet.

Title: Heat template URL information leakage
Reporter: Jason Dunsmore (Rackspace)
Products: Heat
Versions: 2013.2 to 2013.2.3, and 2014.1

Description:
Jason Dunsmore from Rackspace reported a vulnerability in Heat. An
authenticated user may temporarily see the URL of a provider template
used in another tenant by listing heat resources types. This may result
in disclosure of additional information if the template itself can be
accessed. The URL disappears from the listing after a certain point in
the stack creation. All Heat setups are affected.

References:
https://launchpad.net/bugs/1311223

Thanks in advance,

-- Tristan Cacqueray OpenStack Vulnerability Management Team

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород