Bug 2258810 (CVE-2024-7319) - CVE-2024-7319 openstack-heat: Incomplete fix for CVE-2023-1625
Summary: CVE-2024-7319 openstack-heat: Incomplete fix for CVE-2023-1625
Keywords:
Status: NEW
Alias: CVE-2024-7319
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2258812 2258813
Blocks: 2258811
Reported: 2024-01-17 14:21 UTC by Pedro Sampaio
Modified: 2024-07-31 14:52 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Pedro Sampaio 2024-01-17 14:21:00 UTC
An incomplete fix for CVE-2023-1625 in openstack-heat was discovered. Some sensitive information may still be disclosed through the openstack stack abandon command even with the hidden feature set to True and the CVE-2023-1625 fix applied.

References:

https://storyboard.openstack.org/#!/story/2011007
