Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2014-3801

Published: 23 May 2014

OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.

Priority

Medium

Status

Package Release Status
heat
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

saucy Ignored
(reached end-of-life)
trusty Does not exist
(trusty was released [2014.1-0ubuntu1.1])
upstream
Released (2014.1.1-0ubuntu1)
Patches:
upstream: https://review.openstack.org/#/c/94625/ (icehouse)
upstream: https://git.openstack.org/cgit/openstack/heat/commit/?id=03dd894de4ad905dc170e358fad27d9c8ed62a73