{"url":"http://public2.vulnerablecode.io/api/packages/11679?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.10","type":"pypi","namespace":"","name":"tripleo-heat-templates","version":"0.8.10","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"8.0.3","latest_non_vulnerable_version":"11.6.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35241?format=json","vulnerability_id":"VCID-vxt7-kug2-nkbh","summary":"A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2214","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2214"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10898","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10898"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11764?format=json","purl":"pkg:pypi/tripleo-heat-templates@8.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@8.0.3"}],"aliases":["CVE-2018-10898","PYSEC-2018-102"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vxt7-kug2-nkbh"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34985?format=json","vulnerability_id":"VCID-nv7k-zxyu-e3fz","summary":"The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2650","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2650"},{"reference_url":"https://bugs.launchpad.net/tripleo/+bug/1516027","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/tripleo/+bug/1516027"},{"reference_url":"https://github.com/openstack/tripleo-heat-templates","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/tripleo-heat-templates"},{"reference_url":"https://github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c"},{"reference_url":"https://github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml"},{"reference_url":"https://opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c","reference_id":"","reference_type":"","scores":[],"url":"https://opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c"},{"reference_url":"https://opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42","reference_id":"","reference_type":"","scores":[],"url":"https://opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5303","reference_id":"CVE-2015-5303","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5303"},{"reference_url":"https://github.com/advisories/GHSA-m94p-8942-pm49","reference_id":"GHSA-m94p-8942-pm49","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m94p-8942-pm49"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9166?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/11679?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.10"}],"aliases":["CVE-2015-5303","GHSA-m94p-8942-pm49","PYSEC-2016-35"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nv7k-zxyu-e3fz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.10"}