CVE-2016-9185

Published: Nov 4, 2016Modified: May 6, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.

Affected (4)

Products: Openstack: Heat

Openstack

1 product

Heat

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Openstack Heat	Version 5.0.3
Openstack Heat	Version 6.0.0
Openstack Heat	Version 6.1.0
Openstack Heat	Version 7.0.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://www.securityfocus.com/bid/94205

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1450

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2017:1456

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2017:1464

Source: cve@mitre.org

https://bugs.launchpad.net/ossa/+bug/1606500

Source: cve@mitre.org

Issue TrackingThird Party Advisory

http://www.securityfocus.com/bid/94205