tripleo-heat-templates
PyPI
5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tripleo-heat-templates
- CVE-2015-5271 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.8.7 | 2016-04-15
vulnerable: 0.5.6 ... 0.8.6 (23 versions)
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled,…
- CVE-2015-5303 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.8.9 | 2016-04-11
vulnerable: 0.5.6 ... 0.8.8 (25 versions)
The TripleO Heat templates (tripleo-heat-templates), when deployed via the command-line interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataPro…
- CVE-2017-12155 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 7.0.6 | 2017-12-12
vulnerable: 0.5.6 ... 7.0.5 (91 versions)
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools …
- CVE-2018-10898 | HIGH | CVSS 8.8 | ✓ Fixed in 8.0.3 | 2018-07-30
vulnerable: 0.5.6 ... 8.0.2 (111 versions)
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.
- CVE-2021-4180 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 11.6.1 | 2022-03-23
vulnerable: 0.5.6 ... 9.4.1 (151 versions)
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end us…