oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request for vulnerability in OpenStack Heat

From: cve-assign () mitre org
Date: Tue, 20 May 2014 13:15:54 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


An authenticated user may temporarily see the URL of a provider
template used in another tenant by listing heat resources types.



https://launchpad.net/bugs/1311223

an attacker could have access to that user's provider template which
*could* include lots of information (ssh keys, password, "secret
sauce" server configuration, etc)


Use CVE-2014-3801.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTe42SAAoJEKllVAevmvmsCXUH+gKxYSb8Me1pP/WtHufb8gIP
pzM+NAgmRayjDGxYM3UcWG5MyuxoTMdluJovG0aVlOExVaDe6qL167r6HiafZPA8
4k18j6WweAci+r6wPa4uh3Kp3dU4INgTKrrq/RTDYKgigNspi/12r0W6R8cEXRDN
hVQRKYgoCzT5aXencZwkV5KZM+HKAOViDdqNQEc8QaNoP4cDDxC6HNeyuP8VI6Sx
H98jj0feMpfXyGt82l5tUNi/ZZCQcpkKwhJF6fYJA1or0sZ9Ok/rZilSl+WJApmE
5wqaLDLu4AQBnWIY1zzFgdruKLBnJdA5IgdX17XbW8c0jjtnjGNrvtYkYam6XnY=
=7oIs
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: