{"url":"http://public2.vulnerablecode.io/api/packages/9152?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.7.5","type":"pypi","namespace":"","name":"tripleo-heat-templates","version":"0.7.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"8.0.3","latest_non_vulnerable_version":"8.0.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34985?format=json","vulnerability_id":"VCID-nv7k-zxyu-e3fz","summary":"The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2650","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2650"},{"reference_url":"https://bugs.launchpad.net/tripleo/+bug/1516027","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/tripleo/+bug/1516027"},{"reference_url":"https://github.com/openstack/tripleo-heat-templates","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/tripleo-heat-templates"},{"reference_url":"https://github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c"},{"reference_url":"https://github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml"},{"reference_url":"https://opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c","reference_id":"","reference_type":"","scores":[],"url":"https://opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c"},{"reference_url":"https://opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42","reference_id":"","reference_type":"","scores":[],"url":"https://opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5303","reference_id":"CVE-2015-5303","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5303"},{"reference_url":"https://github.com/advisories/GHSA-m94p-8942-pm49","reference_id":"GHSA-m94p-8942-pm49","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m94p-8942-pm49"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9166?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/11679?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.10"}],"aliases":["CVE-2015-5303","GHSA-m94p-8942-pm49","PYSEC-2016-35"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nv7k-zxyu-e3fz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34996?format=json","vulnerability_id":"VCID-p48m-hmsy-n3d3","summary":"The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1862","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1862"},{"reference_url":"https://bugs.launchpad.net/tripleo/+bug/1494896","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/tripleo/+bug/1494896"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1261697","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1261697"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-34.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-34.yaml"},{"reference_url":"https://git.openstack.org/cgit/openstack/tripleo-heat-templates","reference_id":"","reference_type":"","scores":[],"url":"https://git.openstack.org/cgit/openstack/tripleo-heat-templates"},{"reference_url":"https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=1730d95acdbee7c7bbcfe1eba8a48ef2b0cc1476","reference_id":"","reference_type":"","scores":[],"url":"https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=1730d95acdbee7c7bbcfe1eba8a48ef2b0cc1476"},{"reference_url":"https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch","reference_id":"","reference_type":"","scores":[],"url":"https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch"},{"reference_url":"https://review.openstack.org/226541","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/226541"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-5271","reference_id":"CVE-2015-5271","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2015-5271"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5271","reference_id":"CVE-2015-5271","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5271"},{"reference_url":"https://github.com/advisories/GHSA-8936-44gw-7664","reference_id":"GHSA-8936-44gw-7664","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8936-44gw-7664"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9164?format=json","purl":"pkg:pypi/tripleo-heat-templates@0.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nv7k-zxyu-e3fz"},{"vulnerability":"VCID-vxt7-kug2-nkbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.7"}],"aliases":["CVE-2015-5271","GHSA-8936-44gw-7664","PYSEC-2016-34"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p48m-hmsy-n3d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35241?format=json","vulnerability_id":"VCID-vxt7-kug2-nkbh","summary":"A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2214","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2214"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10898","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10898"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11764?format=json","purl":"pkg:pypi/tripleo-heat-templates@8.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@8.0.3"}],"aliases":["CVE-2018-10898","PYSEC-2018-102"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vxt7-kug2-nkbh"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.5"}