CVE-2024-7319
MEDIUM
openstack-heat - Exposure of Sensitive Information via Stack Abandon Command
An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may be disclosed through the OpenStack stack abandon command when the hidden feature is set to True and the CVE-2023-1625 fix is applied.
References (2)
Core References
Third Party Advisory, Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-7319
Issue Tracking, Vendor Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2258810
Scores
CVSS v3
5.0
EPSS
0.0039
EPSS Percentile
60.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (6)
openstack/heat
pypi/openstack-heat
redhat/openstack_platform
13.0
redhat/openstack_platform
16.1
redhat/openstack_platform
16.2
redhat/openstack_platform
17.0
Published
Aug 02, 2024
Tracked Since
Feb 18, 2026