Back to bug 1391895
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-11-04 10:45:23 UTC | Depends On | 1391896 | |
| Andrej Nemec | 2016-11-04 10:47:59 UTC | Blocks | 1391899 | |
| Tim Suter | 2016-11-06 21:57:01 UTC | CC | tsuter | |
| QA Contact | security-response-team | |||
| Tim Suter | 2016-11-06 22:03:43 UTC | Status | NEW | ASSIGNED |
| Assignee | security-response-team | tsuter | ||
| Tim Suter | 2016-11-06 22:17:13 UTC | Whiteboard | impact=low,public=20161103,reported=20161104,source=cve,cvss2=2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N,cvss3=3.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,fedora-all/openstack-heat=affected,openstack-5/openstack-heat=new,openstack-6/openstack-heat=new,openstack-7/openstack-heat=new,openstack-8/openstack-heat=new,openstack-9/openstack-heat=new,openstack-rdo/openstack-heat=new,openstack-10/openstack-heat=new | impact=low,public=20161103,reported=20161104,source=cve,cvss2=2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N,cvss3=3.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,fedora-all/openstack-heat=affected,openstack-5/openstack-heat=new,openstack-6/openstack-heat=new,openstack-7/openstack-heat=new,openstack-8/openstack-heat=new,openstack-9/openstack-heat=new,openstack-rdo/openstack-heat=affected,openstack-10/openstack-heat=new |
| Tim Suter | 2016-11-06 22:18:10 UTC | Depends On | 1392249 | |
| Garth Mollett | 2016-11-20 22:14:48 UTC | CC | gmollett | |
| Assignee | tsuter | security-response-team | ||
| Garth Mollett | 2016-11-20 22:15:37 UTC | Whiteboard | impact=low,public=20161103,reported=20161104,source=cve,cvss2=2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N,cvss3=3.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,fedora-all/openstack-heat=affected,openstack-5/openstack-heat=new,openstack-6/openstack-heat=new,openstack-7/openstack-heat=new,openstack-8/openstack-heat=new,openstack-9/openstack-heat=new,openstack-rdo/openstack-heat=affected,openstack-10/openstack-heat=new | impact=low,public=20161103,reported=20161104,source=cve,cvss2=2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N,cvss3=3.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,fedora-all/openstack-heat=affected,openstack-5/openstack-heat=new,openstack-6/openstack-heat=new,openstack-7/openstack-heat=new,openstack-8/openstack-heat=new,openstack-9/openstack-heat=new,openstack-rdo/openstack-heat=affected,openstack-10/openstack-heat=notaffected |
| Tim Suter | 2017-02-26 13:50:26 UTC | CC | jjoyce | |
| Whiteboard | impact=low,public=20161103,reported=20161104,source=cve,cvss2=2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N,cvss3=3.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,fedora-all/openstack-heat=affected,openstack-5/openstack-heat=new,openstack-6/openstack-heat=new,openstack-7/openstack-heat=new,openstack-8/openstack-heat=new,openstack-9/openstack-heat=new,openstack-rdo/openstack-heat=affected,openstack-10/openstack-heat=notaffected | impact=low,public=20161103,reported=20161104,source=cve,cvss2=2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N,cvss3=3.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,fedora-all/openstack-heat=affected,openstack-5/openstack-heat=wontfix,openstack-6/openstack-heat=wontfix,openstack-7/openstack-heat=affected,openstack-8/openstack-heat=affected,openstack-9/openstack-heat=affected,openstack-rdo/openstack-heat=affected,openstack-10/openstack-heat=notaffected | ||
| Tim Suter | 2017-02-26 13:51:15 UTC | Depends On | 1426934, 1426935, 1426933 | |
| Tim Suter | 2017-02-26 14:09:57 UTC | Doc Text | It was found that by launching a new Heat stack with a local URL, an authenticated user may conduct network discovery revealing internal network services |
|
| Eric Christensen | 2017-02-27 14:42:30 UTC | Doc Text | It was found that by launching a new Heat stack with a local URL, an authenticated user may conduct network discovery revealing internal network services | A vulnerability was found in openstack-heat. By launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network services. |
| Summer Long | 2017-03-15 00:28:00 UTC | CC | slong | |
| Doc Text | A vulnerability was found in openstack-heat. By launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network services. | A configuration vulnerability was found in openstack-heat. Because new Orchestration stacks were launched with a local URL, an authenticated user could conduct network discovery and reveal internal network services. | ||
| Summer Long | 2017-03-15 00:30:51 UTC | Doc Text | A configuration vulnerability was found in openstack-heat. Because new Orchestration stacks were launched with a local URL, an authenticated user could conduct network discovery and reveal internal network services. | A configuration vulnerability was found in the OpenStack Orchestration (heat) service. Because new Orchestration stacks were launched with a local URL, an authenticated user could conduct network discovery and reveal internal network services. |
| Summer Long | 2017-03-15 00:42:02 UTC | Doc Text | A configuration vulnerability was found in the OpenStack Orchestration (heat) service. Because new Orchestration stacks were launched with a local URL, an authenticated user could conduct network discovery and reveal internal network services. | An information-leak vulnerability was found in the OpenStack Orchestration (heat) service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services. |
| Eric Christensen | 2017-03-28 14:48:26 UTC | Doc Text | An information-leak vulnerability was found in the OpenStack Orchestration (heat) service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services. | An information-leak vulnerability was found in the OpenStack Orchestration (heat) service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services. |
| PnT Account Manager | 2018-01-31 00:07:15 UTC | CC | aortega | |
| PnT Account Manager | 2018-01-31 02:07:47 UTC | CC | tsuter | |
| PnT Account Manager | 2018-10-19 21:34:44 UTC | CC | rybrown | |
| Product Security DevOps Team | 2019-07-12 13:04:22 UTC | Status | ASSIGNED | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2019-07-12 13:04:22 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:59:56 UTC | Whiteboard | impact=low,public=20161103,reported=20161104,source=cve,cvss2=2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N,cvss3=3.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,fedora-all/openstack-heat=affected,openstack-5/openstack-heat=wontfix,openstack-6/openstack-heat=wontfix,openstack-7/openstack-heat=affected,openstack-8/openstack-heat=affected,openstack-9/openstack-heat=affected,openstack-rdo/openstack-heat=affected,openstack-10/openstack-heat=notaffected |
Back to bug 1391895