← Back

Tripleo Heat Templates

tripleo_heat_templates

Vendor: Openstack • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-3585
1Openstack
1Tripleo Heat Templates
Nov 21, 2024
Aug 26, 2022
N/A· v4
5.5 MEDIUM· v3
N/A· v2
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
CVE-2021-4180
2Openstack
Redhat
2Openstack
Tripleo Heat Templates
Nov 21, 2024
Mar 23, 2022
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is vi...Show more
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.Show less
CVE-2018-10898
2Openstack
Redhat
2Openstack
Tripleo Heat Templates
Nov 21, 2024
Jul 30, 2018
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credent...Show more
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.Show less
CVE-2015-5271
2Openstack
Redhat
2Openstack
Tripleo Heat Templates
May 6, 2026
Apr 15, 2016
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb mid...Show more
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.Show less
CVE-2015-5303
1Openstack
1Tripleo Heat Templates
May 6, 2026
Apr 11, 2016
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the...Show more
The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.Show less