Vulnerabilities > Openstack > Tripleo Heat Templates
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2021-4180 | Exposure of Resource to Wrong Sphere vulnerability in multiple products An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. | 4.0 |
| 2018-07-30 | CVE-2018-10898 | Use of Hard-coded Credentials vulnerability in multiple products A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. | 5.8 |
| 2016-04-15 | CVE-2015-5271 | Information Exposure vulnerability in multiple products The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors. | 7.5 |
| 2016-04-11 | CVE-2015-5303 | 7PK - Security Features vulnerability in Openstack Tripleo Heat Templates The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter. | 5.0 |