OpenStack Orchestration API Vulnerability in Heat by OpenStack
CVE-2014-3801

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
23 May 2014

Summary

The OpenStack Orchestration API (Heat) is vulnerable due to improper access control that allows remote authenticated users to access sensitive information. By exploiting this flaw, attackers can obtain the provider template URL through the resource-type-list while creating a stack. This could lead to unauthorized exposure of details that could be leveraged for further attacks.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.