CVE-2021-4180

Published: Mar 23, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.

Affected (4)

Products: Openstack: Tripleo Heat Templates · Redhat: Openstack

1 product

Tripleo Heat Templates

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Openstack Tripleo Heat Templates	Before 11.6.1
Redhat Openstack	Version 13
Redhat Openstack	Version 16.1
Redhat Openstack	Version 16.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=2035793

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2035793

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.