CVE-2014-3801
Published: 23 May 2014
OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.
Priority
Status
Package | Release | Status |
---|---|---|
heat Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
saucy |
Ignored
(reached end-of-life)
|
|
trusty |
Does not exist
(trusty was released [2014.1-0ubuntu1.1])
|
|
upstream |
Released
(2014.1.1-0ubuntu1)
|
|
Patches: upstream: https://review.openstack.org/#/c/94625/ (icehouse) upstream: https://git.openstack.org/cgit/openstack/heat/commit/?id=03dd894de4ad905dc170e358fad27d9c8ed62a73 |