CVE-2023-1625

HIGH

OpenStack Heat - Authenticated Information Disclosure via Stack Show Command

Title source: llm

Description

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.

References (4)

Core 4

Core References

Patch

https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb

View Patch ZIP pw:eip

Exploit, Issue Tracking, Third Party Advisory

https://launchpad.net/bugs/1999665

Third Party Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2023-1625

Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2181621

Scores

CVSS v3 7.4

EPSS 0.0011

EPSS Percentile 29.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-202

Status published

Products (6)

openstack/heat

pypi/openstack-heat 0 - 20.0.0PyPI

redhat/openstack_platform 13.0

redhat/openstack_platform 16.1

redhat/openstack_platform 16.2

redhat/openstack_platform 17.0

Published Sep 24, 2023

Tracked Since Feb 18, 2026