Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 20 May 2014 13:15:54 -0400 (EDT)
From: cve-assign@...re.org
To: tristan.cacqueray@...vance.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request for vulnerability in OpenStack Heat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> An authenticated user may temporarily see the URL of a provider
> template used in another tenant by listing heat resources types.

> https://launchpad.net/bugs/1311223
> 
> an attacker could have access to that user's provider template which
> *could* include lots of information (ssh keys, password, "secret
> sauce" server configuration, etc)

Use CVE-2014-3801.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTe42SAAoJEKllVAevmvmsCXUH+gKxYSb8Me1pP/WtHufb8gIP
pzM+NAgmRayjDGxYM3UcWG5MyuxoTMdluJovG0aVlOExVaDe6qL167r6HiafZPA8
4k18j6WweAci+r6wPa4uh3Kp3dU4INgTKrrq/RTDYKgigNspi/12r0W6R8cEXRDN
hVQRKYgoCzT5aXencZwkV5KZM+HKAOViDdqNQEc8QaNoP4cDDxC6HNeyuP8VI6Sx
H98jj0feMpfXyGt82l5tUNi/ZZCQcpkKwhJF6fYJA1or0sZ9Ok/rZilSl+WJApmE
5wqaLDLu4AQBnWIY1zzFgdruKLBnJdA5IgdX17XbW8c0jjtnjGNrvtYkYam6XnY=
=7oIs
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ