A vulnerability was found in Heat. By launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Upstream bug: https://bugs.launchpad.net/ossa/+bug/1606500
Created openstack-heat tracking bugs for this issue: Affects: fedora-all [bug 1391896]
Created openstack-heat tracking bugs for this issue: Affects: openstack-rdo [bug 1392249]
This issue has been addressed in the following products: Red Hat OpenStack Platform 8.0 (Liberty) Via RHSA-2017:1456 https://access.redhat.com/errata/RHSA-2017:1456
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Via RHSA-2017:1450 https://access.redhat.com/errata/RHSA-2017:1450
This issue has been addressed in the following products: Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2017:1464 https://access.redhat.com/errata/RHSA-2017:1464
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2016-9185