Search CVE reports
1 – 7 of 7 results
CVE-2021-3585
Medium priorityA flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
1 affected package
tripleo-heat-templates
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tripleo-heat-templates | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2021-4180
Medium priorityAn information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to...
1 affected package
tripleo-heat-templates
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tripleo-heat-templates | — | — | — | Needs evaluation | Needs evaluation |
CVE-2018-10898
Low priorityA vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.
1 affected package
tripleo-heat-templates
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tripleo-heat-templates | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2017-12155
Medium priorityA resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph...
1 affected package
tripleo-heat-templates
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tripleo-heat-templates | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2017-15114
Medium priorityWhen libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows...
1 affected package
tripleo-heat-templates
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tripleo-heat-templates | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2015-5271
Medium priorityThe TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is...
1 affected package
tripleo-heat-templates
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tripleo-heat-templates | — | — | — | Not affected | Not affected |
CVE-2015-5303
Medium priorityThe TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of...
1 affected package
tripleo-heat-templates
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tripleo-heat-templates | Not in release | Not in release | Not in release | Not affected | Vulnerable |