tripleo-heat-templates@0.8.12 vulnerabilities

Heat templates for deploying OpenStack with OpenStack.

Direct Vulnerabilities

Known vulnerabilities in the tripleo-heat-templates package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Insecure Defaults

Affected versions of this package are vulnerable to Insecure Defaults due to easily guessable credentials.

How to fix Insecure Defaults?

A fix was pushed into the master branch but not yet published.

[0,)
  • M
Information Exposure

Affected versions of this package are vulnerable to Information Exposure by disclosing plain passwords in overcloud_install.log during OSP13 deployment with subscription-manager.

How to fix Information Exposure?

There is no fixed version for tripleo-heat-templates.

[0,)
  • M
Information Exposure

Affected versions of this package are vulnerable to Information Exposure by allowing an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation.

How to fix Information Exposure?

Upgrade tripleo-heat-templates to version 16.0.0 or higher.

[0,16.0.0)
  • M
Information Exposure

tripleo-heat-templates is a heat templates for deploying OpenStack.

Affected versions of this package are vulnerable to Information Exposure. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.

How to fix Information Exposure?

Upgrade tripleo-heat-templates to version 8.0.0.0b2 or higher.

[,8.0.0.0b2)
  • H
Privileges Escalation

tripleo-heat-templates is a heat templates to deploy OpenStack using OpenStack.

Affected versions of this package are vulnerable to Privileges Escalation. When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access).

How to fix Privileges Escalation?

Upgrade tripleo-heat-templates to version 8.0.0.0b2 or higher.

[,8.0.0.0b2)