CVE-2016-9185

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
openstackheat
5.0.3
openstackheat
6.0.0
openstackheat
6.1.0
openstackheat
7.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
heat
bullseye
1:15.0.0-4
fixed
jessie
no-dsa
bookworm
1:19.0.0-3
fixed
sid
1:23.0.0-3
fixed
trixie
1:23.0.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
heat
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
not-affected
yakkety
ignored
xenial
not-affected
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94205
https://access.redhat.com/errata/RHSA-2017:1450
https://access.redhat.com/errata/RHSA-2017:1456
https://access.redhat.com/errata/RHSA-2017:1464
https://bugs.launchpad.net/ossa/+bug/1606500
http://www.securityfocus.com/bid/94205
https://access.redhat.com/errata/RHSA-2017:1450
https://access.redhat.com/errata/RHSA-2017:1456
https://access.redhat.com/errata/RHSA-2017:1464
https://bugs.launchpad.net/ossa/+bug/1606500