tripleo-heat-templates@8.4.1 vulnerabilities

Heat templates for deploying OpenStack with OpenStack.

latest version

18.0.0
first published

10 years ago
latest version published

2 years ago
licenses detected
- Apache-2.0
  [0,)
View tripleo-heat-templates package health on Snyk Advisor Open this link in a new tab

Known vulnerabilities in the tripleo-heat-templates package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Insecure Defaults Affected versions of this package are vulnerable to Insecure Defaults due to easily guessable credentials. How to fix Insecure Defaults? A fix was pushed into the `master` branch but not yet published.	[0,)
M Information Exposure Affected versions of this package are vulnerable to Information Exposure by disclosing plain passwords in `overcloud_install.log` during OSP13 deployment with `subscription-manager`. How to fix Information Exposure? There is no fixed version for `tripleo-heat-templates`.	[0,)
M Information Exposure Affected versions of this package are vulnerable to Information Exposure by allowing an external user to discover the internal IP or hostname. An attacker could exploit this by checking the `www_authenticate_uri` parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. How to fix Information Exposure? Upgrade `tripleo-heat-templates` to version 16.0.0 or higher.	[0,16.0.0)