CVE-2021-4472

MEDIUM

Mistral-OpenStack - Info Disclosure

Title source: llm

Description

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content.

References (7)

Core 7

Core References

Various Sources

https://review.opendev.org/c/openstack/mistral-dashboard/+/800952

Various Sources

https://review.opendev.org/c/openstack/python-mistralclient/+/800950

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2021-4472

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2417321

Mailing List

https://lists.debian.org/debian-lts-announce/2025/12/msg00002.html

Mailing List

https://lists.debian.org/debian-lts-announce/2025/12/msg00003.html

Issue Tracking

https://bugs.launchpad.net/horizon/+bug/1931558

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 18.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-73

Status published

Products (4)

pypi/python-mistralclient 0 - 4.3.0PyPI

Red Hat/Red Hat OpenStack Platform 13 (Queens)

Red Hat/Red Hat OpenStack Platform 16.2

Red Hat/Red Hat OpenStack Platform 17.1

Published Nov 26, 2025

Tracked Since Feb 18, 2026