Red Hat Security Advisory 2014-1687-02 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. It was discovered that a user could temporarily be able to see the URL of a provider template used in another tenant. If the template itself could be accessed, then additional information could be leaked that would otherwise not be visible.
7f7405ebb67a23bad0a5e03b8ca3295a9538a7dcba558003c4904fa12d6899b1
Ubuntu Security Notice 2249-1 - Jason Dunsmore discovered that OpenStack heat did not properly restrict access to template information. A remote authenticated attacker could exploit this to see URL provider templates of other tenants for a limited time.
8be9fac4ad36b56bcc237a02c24459e6268fc88401496dd72a882fe5be9891e9