OpenStack Orchestration API Vulnerability in Heat by OpenStack
CVE-2014-3801
Currently unrated
Summary
The OpenStack Orchestration API (Heat) is vulnerable due to improper access control that allows remote authenticated users to access sensitive information. By exploiting this flaw, attackers can obtain the provider template URL through the resource-type-list while creating a stack. This could lead to unauthorized exposure of details that could be leveraged for further attacks.
References
Timeline
Vulnerability published
Vulnerability Reserved