Vulnerabilities > CVE-2021-4180 - Exposure of Resource to Wrong Sphere vulnerability in multiple products

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
redhat
openstack
CWE-668
NVD
Published: 2022-03-23
Updated: 2022-07-25

Summary

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.

Vulnerable Configurations

Part Description Count
Application
Redhat
3
Application
Openstack
140

Common Weakness Enumeration (CWE)

References