OpenStack Tripleo Heat Templates
By the Year
In 2023 there have been 0 vulnerabilities in OpenStack Tripleo Heat Templates . Last year Tripleo Heat Templates had 2 security vulnerabilities published. Right now, Tripleo Heat Templates is on track to have less security vulnerabilities in 2023 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 2 | 4.90 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 8.80 |
It may take a day or so for new Tripleo Heat Templates vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent OpenStack Tripleo Heat Templates Security Vulnerabilities
A flaw was found in openstack-tripleo-heat-templates
CVE-2021-3585
5.5 - Medium
- August 26, 2022
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
Cleartext Storage of Sensitive Information
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname
CVE-2021-4180
4.3 - Medium
- March 23, 2022
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.
Exposure of Resource to Wrong Sphere
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40
CVE-2018-10898
8.8 - High
- July 30, 2018
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.
Use of Hard-coded Credentials
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might
CVE-2015-5271
7.5 - High
- April 15, 2016
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for OpenStack Tripleo Heat Templates or by OpenStack? Click the Watch button to subscribe.
