CVE-2024-7319

NameCVE-2024-7319
DescriptionAn incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1082855

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
heat (PTS)bullseye1:15.0.0-4fixed
bookworm1:19.0.0-3vulnerable
trixie, sid1:23.0.0-3vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
heatsourcebullseye(not affected)
heatsource(unstable)(unfixed)1082855

Notes

[bookworm] - heat <no-dsa> (Minor issue)
[bullseye] - heat <not-affected> (Incomplete fix for CVE-2023-1625 not applied)
https://storyboard.openstack.org/#!/story/2011007

Search for package or bug name: Reporting problems