openstack-heat
PyPI
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting openstack-heat (page 1 of 1)
- CVE-2014-3801 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 5.0.0a0 | 2014-05-23
OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.
- CVE-2023-1625 | HIGH | CVSS 7.4 | EG 7.4 | ✓ Fixed in 20.0.0 | 2023-09-24
vulnerable: 11.0.0.0rc2.dev52 ... 20.0.0.0rc2 (39 versions)
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidenti…
- CVE-2024-7319 | MEDIUM | CVSS 5.0 | EG 5.0 | 2024-08-02
vulnerable: 11.0.0.0rc2.dev52 ... 22.0.1 (46 versions)
An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.