Lucene search

[email protected]CVE-2023-1625

HistorySep 24, 2023 - 1:15 a.m.

CVE-2023-1625

2023-09-2401:15:43

CWE-202

[email protected]

web.nvd.nist.gov

openstack

heat

cve-2023-1625

information leak

remote attacker

confidentiality

integrity

availability

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the ‘stack show’ command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.

Affected configurations

NVD

Node

openstackheatMatch-

Node

redhatopenstack_platformMatch13.0

redhatopenstack_platformMatch16.1

redhatopenstack_platformMatch16.2

redhatopenstack_platformMatch17.0

CPENameOperatorVersion
openstack:heatopenstack heateq-

CPE	Name	Operator	Version
openstack:heat	openstack heat	eq	-

CNA Affected

[
  {
    "product": "openstack-heat",
    "vendor": "n/a",
    "defaultStatus": "affected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 13 (Queens)",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openstack-heat",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:openstack:13"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openstack-heat",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:16.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 16.2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openstack-heat",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:16.2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 17.0",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openstack-heat",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openstack:17.0"
    ]
  },
  {
    "product": "OpenStack RDO",
    "vendor": "RDO",
    "collectionURL": "https://repos.fedorapeople.org/repos/openstack/",
    "packageName": "openstack-heat",
    "defaultStatus": "affected"
  }
]