tripleo-heat-templates@0.7.8 vulnerabilities

Heat templates for deploying OpenStack with OpenStack.

Direct Vulnerabilities

Known vulnerabilities in the tripleo-heat-templates package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Insecure Defaults

Affected versions of this package are vulnerable to Insecure Defaults due to easily guessable credentials.

How to fix Insecure Defaults?

A fix was pushed into the master branch but not yet published.

Vulnerable versions: [0,)
  • M
Information Exposure

Affected versions of this package are vulnerable to Information Exposure by disclosing plain passwords in overcloud_install.log during OSP13 deployment with subscription-manager.

How to fix Information Exposure?

There is no fixed version for tripleo-heat-templates.

Vulnerable versions: [0,)
  • M
Information Exposure

Affected versions of this package are vulnerable to Information Exposure by allowing an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This discloses sensitive information that may aid in additional system exploitation.

How to fix Information Exposure?

Upgrade tripleo-heat-templates to version 16.0.0 or higher.

Vulnerable versions: [0,16.0.0)
  • M
Information Exposure

tripleo-heat-templates provides Heat templates for deploying OpenStack.

Affected versions of this package are vulnerable to Information Exposure. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.

How to fix Information Exposure?

Upgrade tripleo-heat-templates to version 8.0.0.0b2 or higher.

Vulnerable versions: [,8.0.0.0b2)
  • H
Privileges Escalation

tripleo-heat-templates provides Heat templates to deploy OpenStack using OpenStack.

Affected versions of this package are vulnerable to Privileges Escalation. When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport, it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured, this allows these services to connect to libvirtd (which is equivalent to root access).

How to fix Privileges Escalation?

Upgrade tripleo-heat-templates to version 8.0.0.0b2 or higher.

Vulnerable versions: [,8.0.0.0b2)
  • H
Information Exposure

tripleo_heat_templates provides Heat templates for deploying OpenStack with OpenStack. The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials.

Vulnerable versions: [,0.8.6]
  • H
Request Spoofing

tripleo_heat_templates provides Heat templates for deploying OpenStack with OpenStack. The TripleO Heat templates (tripleo-heat-templates), when deployed via the command-line interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

Vulnerable versions: [,0.8.9]
  • H
Information Exposure

tripleo_heat_templates provides Heat templates for deploying OpenStack with OpenStack. The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

Vulnerable versions: [,0.8.7)