Comment 19 for bug 1606500

Tristan Cacqueray (tristan-cacqueray) wrote : Re: Heat: template source URL allows network port scan

Proposed impact description:

Title: Network information disclosure through Heat template source URL
Reporter: Tom Patzig (SAP)
Products: Heat
Affects: >=5.0.0 <=5.0.3, >=6.0.0 <=6.1.0 and ==7.0.0

Description:
Tom Patzig from SAP reported a vulnerability in Heat. By launching a new Heat stack with a local URL, an authenticated user may conduct network discovery revealing internal network configuration. All Heat setups are affected.