Launchpad CVE tracker

CVE 2016-9185

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.

Related bugs and status

CVE-2016-9185 (Candidate) is related to these bugs:

Bug #1606500: [OSSA 2016-013] Heat: template source URL allows network port scan (CVE-2016-9185)

		In	Importance	Status
1606500	[OSSA 2016-013] Heat: template source URL allows network port scan (CVE-2016-9185)	OpenStack Dashboard (Horizon)	Undecided	Invalid
1606500	[OSSA 2016-013] Heat: template source URL allows network port scan (CVE-2016-9185)	OpenStack Security Advisory	Undecided	Fix Released
1606500	[OSSA 2016-013] Heat: template source URL allows network port scan (CVE-2016-9185)	OpenStack Heat	Medium	Fix Released

Bug #2032682: Heat template network discovery

		In	Importance	Status
2032682	Heat template network discovery	OpenStack Security Advisory	Undecided	Incomplete
2032682	Heat template network discovery	OpenStack Heat	Undecided	New
2032682	Heat template network discovery	OpenStack Dashboard (Horizon)	Undecided	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-9185

References