openstack heat - vulnerabilities and exploits
6.5
CVSSv3
CVE-2022-36911
A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and previous versions allows malicious users to connect to an attacker-specified URL.
Jenkins Openstack Heat
4.3
CVSSv3
CVE-2022-36912
A missing permission check in Jenkins Openstack Heat Plugin 1.5 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Jenkins Openstack Heat
4.3
CVSSv3
CVE-2022-36913
Jenkins Openstack Heat Plugin 1.5 and previous versions do not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Jenkins Openstack Heat
7.5
CVSSv3
CVE-2015-5303
The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote malicious users to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.
Openstack Tripleo Heat Templates
5.5
CVSSv3
CVE-2021-3585
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
Openstack Tripleo Heat Templates
4.3
CVSSv3
CVE-2021-4180
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would g...
Redhat Openstack 13
Redhat Openstack 16.1
Openstack Tripleo Heat Templates
Redhat Openstack 16.2
5
CVSSv3
CVE-2023-1625
An information leak exists in OpenStack heat. This issue could allow a remote, authenticated malicious user to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availabilit...
Openstack Heat -
Redhat Openstack Platform 16.1
Redhat Openstack Platform 13.0
Redhat Openstack Platform 16.2
Redhat Openstack Platform 17.0
9.9
CVSSv3
CVE-2020-10731
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.
Redhat Openstack Platform 16.1
Redhat Openstack Platform 16.0
Redhat Openstack Platform 15.0
1 Article
NA
CVE-2015-3219
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 prior to 2014.2.4 and 2015.1.x prior to 2015.1.1 allows remote malicious users to inject arbitrary web script or HTML via the description parameter in a heat templa...
Debian Debian Linux 8.0
Openstack Horizon 2014.2.1
Openstack Horizon 2015.1.0
Openstack Horizon 2014.2.0
Openstack Horizon 2014.2.3
Openstack Horizon 2014.2.2
Oracle Solaris 11.2
9.8
CVSSv3
CVE-2016-7404
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though, and can be used to perform any API operation the user is authorize...
Openstack Magnum -