oss-sec mailing list archives
Re: CVE request for vulnerability in OpenStack Heat
From: cve-assign () mitre org
Date: Tue, 20 May 2014 13:15:54 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
An authenticated user may temporarily see the URL of a provider template used in another tenant by listing heat resources types.
https://launchpad.net/bugs/1311223 an attacker could have access to that user's provider template which *could* include lots of information (ssh keys, password, "secret sauce" server configuration, etc)
Use CVE-2014-3801. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTe42SAAoJEKllVAevmvmsCXUH+gKxYSb8Me1pP/WtHufb8gIP pzM+NAgmRayjDGxYM3UcWG5MyuxoTMdluJovG0aVlOExVaDe6qL167r6HiafZPA8 4k18j6WweAci+r6wPa4uh3Kp3dU4INgTKrrq/RTDYKgigNspi/12r0W6R8cEXRDN hVQRKYgoCzT5aXencZwkV5KZM+HKAOViDdqNQEc8QaNoP4cDDxC6HNeyuP8VI6Sx H98jj0feMpfXyGt82l5tUNi/ZZCQcpkKwhJF6fYJA1or0sZ9Ok/rZilSl+WJApmE 5wqaLDLu4AQBnWIY1zzFgdruKLBnJdA5IgdX17XbW8c0jjtnjGNrvtYkYam6XnY= =7oIs -----END PGP SIGNATURE-----
Current thread:
- CVE request for vulnerability in OpenStack Heat Tristan Cacqueray (May 20)
- Re: CVE request for vulnerability in OpenStack Heat cve-assign (May 20)