What is CVE-2021-4180?

CVE-2021-4180 is an information exposure flaw in openstack-tripleo-heat-templates that allows an external user to discover the internal IP or hostname.

How can an attacker exploit CVE-2021-4180?

An attacker can exploit CVE-2021-4180 by checking the www_authenticate_uri parameter in configuration files.

What is the severity of CVE-2021-4180?

The severity of CVE-2021-4180 is medium with a CVSS score of 4.3.

Which software is affected by CVE-2021-4180?

Openstack Tripleo Heat Templates 11.6.1, Redhat Openstack 13, Redhat Openstack 16.1, Redhat Openstack 16.2, and Redhat Openstack tripleo-heat-templates package version 11.6.1 are affected by CVE-2021-4180.

How do I fix CVE-2021-4180?

To fix CVE-2021-4180, update to a version of openstack-tripleo-heat-templates that is higher than 11.6.1.

Vulnerability/
CVE-2021-4180

medium

4.3

CWE

668 200

27/12/2021

23/3/2022

3/8/2024

CVE-2021-4180: Infoleak

First published: Mon Dec 27 2021(Updated: )

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Openstack Tripleo Heat Templates	<11.6.1
Redhat Openstack	=13
Redhat Openstack	=16.1
Redhat Openstack	=16.2
redhat/openstack-tripleo-heat-templates	<11.6.1	11.6.1

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=2035793

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-4180?
CVE-2021-4180 is an information exposure flaw in openstack-tripleo-heat-templates that allows an external user to discover the internal IP or hostname.
How can an attacker exploit CVE-2021-4180?
An attacker can exploit CVE-2021-4180 by checking the www_authenticate_uri parameter in configuration files.
What is the severity of CVE-2021-4180?
The severity of CVE-2021-4180 is medium with a CVSS score of 4.3.
Which software is affected by CVE-2021-4180?
Openstack Tripleo Heat Templates 11.6.1, Redhat Openstack 13, Redhat Openstack 16.1, Redhat Openstack 16.2, and Redhat Openstack tripleo-heat-templates package version 11.6.1 are affected by CVE-2021-4180.
How do I fix CVE-2021-4180?
To fix CVE-2021-4180, update to a version of openstack-tripleo-heat-templates that is higher than 11.6.1.

collector/nvd-index
agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/remedy
agent/author
agent/weakness
agent/references
agent/severity
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2021-4180
agent/software-canonical-lookup
agent/tags
agent/event
collector/mitre-cve
source/MITRE
vendor/openstack
canonical/openstack tripleo heat templates
vendor/redhat
canonical/redhat openstack
version/redhat openstack/13
version/redhat openstack/16.1
version/redhat openstack/16.2
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.