Vulnerabilities > Openstack > Heat > 7.0.0

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2017-2621 An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable.
local
low complexity
redhat openstack
5.5
2016-11-04 CVE-2016-9185 Information Exposure vulnerability in Openstack Heat
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration.
network
low complexity
openstack CWE-200
4.3