openstack-heat@19.0.0.0rc1 vulnerabilities

OpenStack Orchestration

Direct Vulnerabilities

Known vulnerabilities in the openstack-heat package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Information Exposure

openstack-heat is an OpenStack Orchestration

Affected versions of this package are vulnerable to Information Exposure via the stack abandon command with the hidden feature set to True. An attacker can disclose sensitive information by exploiting the incomplete fix for the CVE-2023-1625 vulnerability.

How to fix Information Exposure?

There is no fixed version for openstack-heat.

[0,)
  • H
Information Exposure

openstack-heat is an OpenStack Orchestration

Affected versions of this package are vulnerable to Information Exposure. The get stack environment API doesn't mask hidden parameter values. A malicious system user can get sensitive data by this API even though encrypt_parameters_and_properties option is set to true.

How to fix Information Exposure?

Upgrade openstack-heat to version 20.0.0 or higher.

[,20.0.0)