Vulnerability Description
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Tripleo Heat Templates | < 11.6.1 |
| Redhat | Openstack | 13 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2035793Issue TrackingPatchThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2035793Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2021-4180?
CVE-2021-4180 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri pa...
How severe is CVE-2021-4180?
CVE-2021-4180 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-4180?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Tripleo Heat Templates, Redhat Openstack.