OpenStack Orchestration API Vulnerability in Heat by OpenStack
CVE-2014-3801

Currently unrated

Key Information:

Vendor: Openstack
Status: Heat
Vendor: CVE Published:; 23 May 2014

Summary

The OpenStack Orchestration API (Heat) is vulnerable due to improper access control that allows remote authenticated users to access sensitive information. By exploiting this flaw, attackers can obtain the provider template URL through the resource-type-list while creating a stack. This could lead to unauthorized exposure of details that could be leveraged for further attacks.

References

http://www.securityfocus.com/bid/67505

vdb-entryx_refsource_BID

http://www.ubuntu.com/usn/USN-2249-1

vendor-advisoryx_refsource_UBUNTU

http://www.openwall.com/lists/oss-security/2014/05/20/1

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
May 23, 2014
Vulnerability Reserved
May 20, 2014