CVE-2021-4180
MEDIUMopenstack-tripleo-heat-templates < 11.6.1 - Sensitive Information Exposure via www_authenticate_uri
Title source: llmDescription
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.
References (1)
Core 1
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2035793
Scores
CVSS v3
4.3
EPSS
0.0017
EPSS Percentile
37.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
CWE-668
Status
published
Products (5)
openstack/tripleo_heat_templates
< 11.6.1
pypi/tripleo-heat-templates
0 - 11.6.1PyPI
redhat/openstack
13
redhat/openstack
16.1
redhat/openstack
16.2
Published
Mar 23, 2022
Tracked Since
Feb 18, 2026