PyPi: Openstack-Heat

CVE-2023-1625

Safety vulnerability ID: 61406

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 24, 2023 Updated at Nov 29, 2024

Advisory

Openstack-heat 20.0.0 includes a fix for CVE-2023-1625: An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.
https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb

Affected package

openstack-heat

Latest version: 23.0.0

OpenStack Orchestration

Affected versions

Fixed versions

Vulnerability changelog

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. See CVE-2023-1625.


References:
RHBZ#2181621: https://bugzilla.redhat.com/show_bug.cgi?id=2181621
Red Hat CVE page: https://access.redhat.com/security/cve/CVE-2023-1625
Fix commit: https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb
Launchpad bug: https://launchpad.net/bugs/1999665


Severity Details

CVSS Base Score: MEDIUM 5.0

CVSS v3 Details

MEDIUM 5.0
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality Impact (C): LOW
Integrity Impact (I): NONE
Availability Impact (A): NONE