openstack heat CVE Vulnerabilities (7)

CVEs: 7 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting openstack heat (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 17 of 7 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2024-7319 An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied. [email protected] 5.0 0.39% 2024-08-02 2026-06-17
CVE-2023-1625 An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. [email protected] 7.4 0.71% 2023-09-23 2026-06-17
CVE-2017-2621 An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. [email protected] 5.5 0.41% 2018-07-27 2026-06-16
CVE-2016-9185 In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0. [email protected] 4.3 1.51% 2016-11-04 2026-06-16
CVE-2014-3801 OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list. [email protected] 3.5 1.62% 2014-05-23 2026-06-16
CVE-2013-6428 The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path. [email protected] 4.0 1.74% 2013-12-14 2026-06-16
CVE-2013-6426 The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method. [email protected] 4.0 1.03% 2013-12-14 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence