OpenStack Heat


By the Year

In 2026 there have been 0 vulnerabilities in OpenStack Heat. Heat did not have any published security vulnerabilities last year.

Year | Vulnerabilities | Average Score
2026 | 0 | 0.00
2025 | 0 | 0.00
2024 | 1 | 5.00
2023 | 1 | 5.00
2022 | 0 | 0.00
2021 | 0 | 0.00
2020 | 0 | 0.00
2019 | 0 | 0.00
2018 | 1 | 5.50

It may take a day or so for new Heat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent OpenStack Heat Security Vulnerabilities

OpenStack Heat Sensitive Info Leak via Stack Abandon with Hidden=True
CVE-2024-7319 5 - Medium - August 02, 2024

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may be disclosed through the OpenStack stack abandon command when the hidden feature is set to True and the CVE-2023-1625 fix is applied.

Information Disclosure

OpenStack Heat 'stack show' Leaks Hidden Parameters
CVE-2023-1625 5 - Medium - September 24, 2023

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.

An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0
CVE-2017-2621 5.5 - Medium - July 27, 2018

An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

Files or Directories Accessible to External Parties
