1099748 – (CVE-2014-3801) CVE-2014-3801 openstack-heat: authenticated information leak in Heat

Bug 1099748 (CVE-2014-3801) - CVE-2014-3801 openstack-heat: authenticated information leak in Heat

Summary: CVE-2014-3801 openstack-heat: authenticated information leak in Heat

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-3801
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1099749 1099750 1149065
Blocks:	1101805
TreeView+	depends on / blocked

Reported:	2014-05-21 06:39 UTC by Vincent Danen
Modified:	2019-09-29 13:17 UTC (History)
CC List:	22 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2014-10-22 20:08:50 UTC
Embargoed:

Attachments	(Terms of Use)
havana patch (2.18 KB, patch) 2014-09-15 23:53 UTC, Garth Mollett	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2014:1687	0	normal	SHIPPED_LIVE	Moderate: openstack-heat security, bug fix, and enhancement update	2014-10-22 21:10:51 UTC

Description Vincent Danen 2014-05-21 06:39:43 UTC

Title: Heat template URL information leakage
Reporter: Jason Dunsmore (Rackspace)
Products: Heat
Versions: 2013.2 to 2013.2.3, and 2014.1

Description:
Jason Dunsmore from Rackspace reported a vulnerability in Heat. An
authenticated user may temporarily see the URL of a provider template
used in another tenant by listing heat resources types. This may result
in disclosure of additional information if the template itself can be
accessed. The URL disappears from the listing after a certain point in
the stack creation. All Heat setups are affected.

https://launchpad.net/bugs/1311223
http://seclists.org/oss-sec/2014/q2/338

Comment 2 Vincent Danen 2014-05-21 06:42:11 UTC

Created openstack-heat tracking bugs for this issue:

Affects: fedora-all [bug 1099749]

Comment 6 Zane Bitter 2014-08-27 22:06:04 UTC

This was fixed upstream in 2014.1.1. Can we close it now?

Comment 9 Garth Mollett 2014-09-15 23:53:00 UTC

Created attachment 937761 [details]
havana patch

Comment 11 Martin Prpič 2014-10-20 12:02:29 UTC

IssueDescription:

It was discovered that a user could temporarily be able to see the URL of a provider template used in another tenant. If the template itself could be accessed, then additional information could be leaked that would otherwise not be visible.

Comment 12 errata-xmlrpc 2014-10-22 17:52:50 UTC

This issue has been addressed in the following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:1687 https://rhn.redhat.com/errata/RHSA-2014-1687.html

Note You need to log in before you can comment on or make changes to this bug.

abaron
aortega
apevec
apevec
ayoung
chazlett
chrisw
gkotton
gmollett
itamar
jpeeler
jrusnack
lhh
markmc
rbryant
rhos-maint
sbaker
sclewis
sdake
shardy
yeylon
zbitter