U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:openstack:tripleo_heat_templates:0.5.2:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 4 matching records.
Displaying matches 1 through 4.
Vuln ID Summary CVSS Severity
CVE-2021-3585

A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.

Published: August 26, 2022; 12:15:09 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2021-4180

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.

Published: March 23, 2022; 4:15:10 PM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-10898

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

Published: July 30, 2018; 1:29:00 PM -0400
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 5.8 MEDIUM
CVE-2015-5303

The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

Published: April 11, 2016; 5:59:03 PM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM