Back to bug 1298295
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-01-13 16:49:00 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-01-13 16:49:00 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-01-13 16:50:58 UTC | Blocks | 1298296 | |
| Garth Mollett | 2016-01-13 23:11:57 UTC | CC | gmollett | |
| Zane Bitter | 2016-01-14 22:26:59 UTC | CC | augol | |
| Garth Mollett | 2016-01-15 06:54:31 UTC | Whiteboard | impact=important,public=20160119,reported=20160113,source=upstream,cvss2=4.9/AV:L/AC:L/Au:N/C:N/I:N/A:C,openstack-5/openstack-heat=affected,openstack-6/openstack-heat=affected,openstack-7/openstack-heat=affected,openstack-8/openstack-heat=affected,openstack-rdo/openstack-heat=affected,fedora-all/openstack-heat=affected | impact=moderate,public=20160119,reported=20160113,source=upstream,cvss2=4.9/AV:L/AC:L/Au:N/C:N/I:N/A:C,openstack-5/openstack-heat=affected,openstack-6/openstack-heat=affected,openstack-7/openstack-heat=affected,openstack-8/openstack-heat=affected,openstack-rdo/openstack-heat=affected,fedora-all/openstack-heat=affected |
| Garth Mollett | 2016-01-15 06:54:38 UTC | Severity | high | medium |
| Garth Mollett | 2016-01-15 06:54:45 UTC | Priority | high | medium |
| Garth Mollett | 2016-01-15 06:58:07 UTC | Depends On | 1298808 | |
| Garth Mollett | 2016-01-15 06:58:22 UTC | Depends On | 1298809 | |
| Garth Mollett | 2016-01-15 06:58:35 UTC | Depends On | 1298810 | |
| Garth Mollett | 2016-01-15 06:58:50 UTC | Depends On | 1298811 | |
| Garth Mollett | 2016-01-15 06:59:04 UTC | Depends On | 1298812 | |
| Lon Hohberger | 2016-01-19 19:26:51 UTC | CC | cvsbot-xmlrpc | |
| Garth Mollett | 2016-01-19 23:11:48 UTC | Summary | EMBARGOED CVE-2015-5295 openstack-heat: Vulnerability in Heat template validation leading to DoS | CVE-2015-5295 openstack-heat: Vulnerability in Heat template validation leading to DoS |
| Garth Mollett | 2016-01-19 23:11:54 UTC | Group | security, qe_staff | |
| Garth Mollett | 2016-01-19 23:14:24 UTC | Depends On | 1300090 | |
| Garth Mollett | 2016-01-19 23:14:45 UTC | Depends On | 1300091 | |
| Garth Mollett | 2016-01-27 04:28:17 UTC | Doc Text | An issue was discovered in the OpenStack Orchestration service (heat) where a specially formatted template could be used to trick the heat-engine service into opening a local file. While the file contents are never disclosed to the end user an attacker could use this flaw to cause a denial of service or determine if a given file name is present on the server. | |
| Summer Long | 2016-01-27 23:43:31 UTC | CC | slong | |
| Doc Text | An issue was discovered in the OpenStack Orchestration service (heat) where a specially formatted template could be used to trick the heat-engine service into opening a local file. While the file contents are never disclosed to the end user an attacker could use this flaw to cause a denial of service or determine if a given file name is present on the server. | A vulnerability was discovered in the OpenStack Orchestration service (heat), where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server. | ||
| Garth Mollett | 2016-01-27 23:44:36 UTC | Whiteboard | impact=moderate,public=20160119,reported=20160113,source=upstream,cvss2=4.9/AV:L/AC:L/Au:N/C:N/I:N/A:C,openstack-5/openstack-heat=affected,openstack-6/openstack-heat=affected,openstack-7/openstack-heat=affected,openstack-8/openstack-heat=affected,openstack-rdo/openstack-heat=affected,fedora-all/openstack-heat=affected | impact=moderate,public=20160119,reported=20160113,source=upstream,cvss2=6.8/AV:N/AC:L/Au:S/C:N/I:N/A:C,openstack-5/openstack-heat=affected,openstack-6/openstack-heat=affected,openstack-7/openstack-heat=affected,openstack-8/openstack-heat=affected,openstack-rdo/openstack-heat=affected,fedora-all/openstack-heat=affected |
| Garth Mollett | 2016-01-27 23:44:44 UTC | Whiteboard | impact=moderate,public=20160119,reported=20160113,source=upstream,cvss2=6.8/AV:N/AC:L/Au:S/C:N/I:N/A:C,openstack-5/openstack-heat=affected,openstack-6/openstack-heat=affected,openstack-7/openstack-heat=affected,openstack-8/openstack-heat=affected,openstack-rdo/openstack-heat=affected,fedora-all/openstack-heat=affected | impact=moderate,public=20160119,reported=20160113,source=upstream,cvss2=6.8/AV:N/AC:L/Au:S/C:N/I:N/A:C,cwe=CWE-400,openstack-5/openstack-heat=affected,openstack-6/openstack-heat=affected,openstack-7/openstack-heat=affected,openstack-8/openstack-heat=affected,openstack-rdo/openstack-heat=affected,fedora-all/openstack-heat=affected |
| Garth Mollett | 2016-03-14 09:58:35 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-03-14 05:58:35 UTC | |||
| Perry Myers | 2016-04-26 21:45:00 UTC | CC | pmyers | |
| Product Security DevOps Team | 2019-09-29 13:42:36 UTC | Whiteboard | impact=moderate,public=20160119,reported=20160113,source=upstream,cvss2=6.8/AV:N/AC:L/Au:S/C:N/I:N/A:C,cwe=CWE-400,openstack-5/openstack-heat=affected,openstack-6/openstack-heat=affected,openstack-7/openstack-heat=affected,openstack-8/openstack-heat=affected,openstack-rdo/openstack-heat=affected,fedora-all/openstack-heat=affected |
Back to bug 1298295