CVE-2024-7319

Published: Aug 2, 2024Modified: Oct 7, 2024

5.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Exploitability: 3.1 / Impact: 1.4

Source: NVD (Secondary)

Description

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.

Affected (5)

Products: Openstack: Heat · Redhat: Openstack Platform

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Heat	All versions

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack Platform	Version 13.0
Redhat Openstack Platform	Version 16.1
Redhat Openstack Platform	Version 16.2
Redhat Openstack Platform	Version 17.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://access.redhat.com/security/cve/CVE-2024-7319

Source: secalert@redhat.com

Third Party AdvisoryVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2258810

Source: secalert@redhat.com

Issue TrackingVendor Advisory

Timeline

No history available yet.