CVE-2021-3585
- EPSS 0.03%
- Published 26.08.2022 16:15:09
- Last modified 21.11.2024 06:21:54
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
CVE-2021-4180
- EPSS 0.12%
- Published 23.03.2022 20:15:10
- Last modified 21.11.2024 06:37:04
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in con...
CVE-2018-10898
- EPSS 0.18%
- Published 30.07.2018 17:29:00
- Last modified 21.11.2024 03:42:15
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.
CVE-2015-5271
- EPSS 0.34%
- Published 15.04.2016 17:59:00
- Last modified 12.04.2025 10:46:40
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which migh...
CVE-2015-5303
- EPSS 0.33%
- Published 11.04.2016 21:59:03
- Last modified 12.04.2025 10:46:40
The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSec...