GCVE - cpe:2.3:a:openstack:heat:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:openstack:heat:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Openstack (`7b0cf974-b2b5-592e-bdf4-6953805ef02a`)
Product	Heat (`00555065-7463-5f11-9f46-7e1232f20492`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:docker/openstackhelm/heat`	purl2cpe	2026-06-01 10:17:03.682940
`pkg:github/openstack/heat`	purl2cpe	2026-06-01 10:17:03.682942
`pkg:npm/openstack-heat-wrapper`	purl2cpe	2026-06-01 10:17:03.682944
`pkg:pypi/openstack-heat`	purl2cpe	2026-06-01 10:17:03.682945
`pkg:rpm/opensuse/openstack-heat`	purl2cpe	2026-06-01 10:17:03.682946

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-2621`	vulnerable	2026-06-03 14:37:07.824740	Details available MEDIUM (5.9) An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. Published: 2018-07-27T18:00:00.000Z Updated: 2024-08-05T14:02:06.948Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621 https://access.redhat.com/errata/RHSA-2017:1243 https://access.redhat.com/errata/RHSA-2017:1464 http://www.securityfocus.com/bid/96280	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-6428`	vulnerable	2026-06-03 14:33:26.204530	Details available The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path. Published: 2013-12-14T17:00:00.000Z Updated: 2024-08-06T17:39:01.371Z Open on db.gcve.eu Reference links https://launchpad.net/bugs/1256983 http://rhn.redhat.com/errata/RHSA-2014-0090.html http://seclists.org/oss-sec/2013/q4/479	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-6426`	vulnerable	2026-06-03 14:33:26.203069	Details available The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method. Published: 2013-12-14T17:00:00.000Z Updated: 2024-08-06T17:39:01.344Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/89658 http://rhn.redhat.com/errata/RHSA-2014-0090.html https://bugs.launchpad.net/heat/+bug/1256049 http://www.openwall.com/lists/oss-security/2013/12/11/9 http://www.securityfocus.com/bid/64243	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.