openstack/heat-templates

openstack/heat-templates

Releases0

Stars385

OpenStack Orchestration (Heat) Templates. Mirror of code maintained at opendev.org.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2014-0040 ↗	Jun 2, 2014Monday, 2 June 2014, 15:55	—	4.3 MEDIUM
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors.
CVE-2014-0041 ↗	Jun 2, 2014Monday, 2 June 2014, 15:55	—	4.3 MEDIUM
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.
CVE-2014-0042 ↗	Jun 2, 2014Monday, 2 June 2014, 15:55	—	4.3 MEDIUM
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.