CVE-2023-1625

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.

Published: Sep 24, 2023
Updated: May 10, 2024
CVE: CVE-2023-1625
GHSA: GHSA-5836-grcc-8j89
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
openstack-heat	-	20.0.0
redhat / openstack_platform	16.1	16.1.x
redhat / openstack_platform	13.0	13.0.x
redhat / openstack_platform	16.2	16.2.x
redhat / openstack_platform	17.0	17.0.x

https://access.redhat.com/security/cve/CVE-2023-1625
https://bugzilla.redhat.com/show_bug.cgi?id=2181621
https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb
https://launchpad.net/bugs/1999665

Vulnerability Database

CVE-2023-1625

Deep Security Visibility Without the Complexity