CVE-2021-4472

MEDIUM

Mistral-OpenStack - Info Disclosure

Title source: llm

Description

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content.

References (7)

[Various Sources] https://review.opendev.org/c/openstack/mistral-dashboard/+/800952

[Various Sources] https://review.opendev.org/c/openstack/python-mistralclient/+/800950

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2021-4472

[Issue Tracking] https://bugs.launchpad.net/horizon/+bug/1931558

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=2417321

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/12/msg00002.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/12/msg00003.html

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 15.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-73

Status draft

Affected Products (1)

pypi/python-mistralclient < 4.3.0PyPI

Timeline

Published Nov 26, 2025

Tracked Since Feb 18, 2026