cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2017-12155,https://securityvulnerability.io/vulnerability/CVE-2017-12155,,"A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.",Openstack,Openstack-tripleo-heat-templates,6.3,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2017-12-12T20:29:00.000Z,0
CVE-2016-9185,https://securityvulnerability.io/vulnerability/CVE-2016-9185,,"In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.",Openstack,Heat,4.3,MEDIUM,0.0020600000862032175,false,false,false,false,,false,false,2016-11-04T10:00:00.000Z,0
CVE-2015-5303,https://securityvulnerability.io/vulnerability/CVE-2015-5303,,"The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.",Openstack,Tripleo Heat Templates,7.5,HIGH,0.001829999964684248,false,false,false,false,,false,false,2016-04-11T21:00:00.000Z,0
CVE-2014-3801,https://securityvulnerability.io/vulnerability/CVE-2014-3801,,"OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.",Openstack,Heat,,,0.002199999988079071,false,false,false,false,,false,false,2014-05-23T14:00:00.000Z,0
CVE-2013-6426,https://securityvulnerability.io/vulnerability/CVE-2013-6426,,"The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.",Openstack,Heat,,,0.001509999972768128,false,false,false,false,,false,false,2013-12-14T17:00:00.000Z,0
CVE-2013-6428,https://securityvulnerability.io/vulnerability/CVE-2013-6428,,The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path.,Openstack,Heat,,,0.0017000000225380063,false,false,false,false,,false,false,2013-12-14T17:00:00.000Z,0