Information leak in api
CVE-2023-1625

7.4HIGH

Key Information:

Vendor: Red Hat
Status: Openstack-heat; Red Hat Openstack Platform 13 (queens); Red Hat Openstack Platform 16.1; Red Hat Openstack Platform 16.2
Vendor: CVE Published:; 24 September 2023

Summary

An information leak has been identified in OpenStack Heat, allowing a remote authenticated attacker to exploit the 'stack show' command. This flaw permits the exposure of parameters that are intended to remain confidential, potentially compromising system integrity. It's crucial for users to assess their configurations and apply necessary security best practices to mitigate any risks linked to this vulnerability.

References

https://access.redhat.com/security/cve/CVE-2023-1625

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2181621

issue-trackingx_refsource_REDHAT

https://github.com/openstack/heat/commit/a49526c278e52823...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 24, 2023
Vulnerability Reserved
Mar 24, 2023

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Chengen Du (Canonical) for reporting this issue.