Title: Network information disclosure through Heat template source URL
Reporter: Tom Patzig (SAP)
Products: Heat
Affects: >=5.0.0 <=5.0.3, >=6.0.0 <=6.1.0 and ==7.0.0
Description:
Tom Patzig from SAP reported a vulnerability in Heat. By launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. All Heat setup are affected.
Proposed impact description:
Title: Network information disclosure through Heat template source URL
Reporter: Tom Patzig (SAP)
Products: Heat
Affects: >=5.0.0 <=5.0.3, >=6.0.0 <=6.1.0 and ==7.0.0
Description:
Tom Patzig from SAP reported a vulnerability in Heat. By launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. All Heat setup are affected.