Red Hat Security Advisory 2017-1450-01

Red Hat Security Advisory 2017-1450-01 – OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. Security Fix: An information-leak vulnerability was found in the OpenStack Orchestration service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services.

Link: https://packetstormsecurity.com/files/142926/RHSA-2017-1450-01.txt