CVE-2014-3801

Published: May 23, 2014Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.

Affected (5)

Products: Openstack: Heat

Openstack

1 product

Heat

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Openstack Heat	Version 2013.2.1
Openstack Heat	Version 2013.2.2
Openstack Heat	Version 2013.2.3
Openstack Heat	Version 2013.2
Openstack Heat	Version 2014.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://rhn.redhat.com/errata/RHSA-2014-1687.html

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/05/20/1

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/05/20/6

Source: cve@mitre.org

http://www.securityfocus.com/bid/67505

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2249-1

Source: cve@mitre.org

https://bugs.launchpad.net/heat/+bug/1311223

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-1687.html