CVE-2024-7319

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.

Published: Aug 2, 2024
Updated: May 4, 2025
CVE: CVE-2024-7319
GHSA: GHSA-2fqr-cx7q-3ph8
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
openstack-heat	-	22.0.1.x
redhat / openstack_platform	16.1	16.1.x
redhat / openstack_platform	13.0	13.0.x
redhat / openstack_platform	16.2	16.2.x
redhat / openstack_platform	17.0	17.0.x

https://access.redhat.com/security/cve/CVE-2024-7319
https://bugzilla.redhat.com/show_bug.cgi?id=2258810
https://storyboard.openstack.org/#!/story/2011007

Vulnerability Database

CVE-2024-7319

Deep Security Visibility Without the Complexity