{"id":"PYSEC-2026-753","summary":"Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates","details":"An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the `www_authenticate_uri parameter` (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. A patch is available on the `master` branch and anticipated to be part of version 11.6.1.","aliases":["CVE-2021-4180","GHSA-hm3x-jwwf-jpr9"],"modified":"2026-07-06T08:01:02.390391496Z","published":"2026-07-02T14:13:17.118333Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4180"},{"type":"WEB","url":"https://github.com/openstack/tripleo-heat-templates/commit/160936df134a471cfd245bd60964046027a571ea"},{"type":"WEB","url":"https://github.com/openstack/tripleo-heat-templates/commit/2b9461e97fc5c4ceb0848d1cc4484f656bb85515"},{"type":"WEB","url":"https://bugs.launchpad.net/tripleo/+bug/1955397"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2035793"},{"type":"PACKAGE","url":"https://github.com/openstack/tripleo-heat-templates"},{"type":"PACKAGE","url":"https://pypi.org/project/tripleo-heat-templates"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-hm3x-jwwf-jpr9"}],"affected":[{"package":{"name":"tripleo-heat-templates","ecosystem":"PyPI","purl":"pkg:pypi/tripleo-heat-templates"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.6.1"}]}],"versions":["0.5.6","0.6.0","0.6.1","0.6.2","0.6.3","0.6.4","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","0.8.0","0.8.1","0.8.10","0.8.11","0.8.12","0.8.13","0.8.14","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.8.7","0.8.8","0.8.9","10.0.0","10.1.0","10.2.0","10.3.0","10.4.0","10.5.0","10.6.0","10.6.1","10.6.2","11.0.0","11.1.0","11.2.0","11.3.0","11.3.1","11.4.0","11.5.0","11.6.0","2.0.0","2.1.0","2.2.0","5.0.0","5.0.0.0b1","5.0.0.0b2","5.0.0.0b3","5.0.0.0rc1","5.0.0.0rc2","5.0.0.0rc3","5.1.0","5.2.0","5.3.0","5.3.1","5.3.10","5.3.11","5.3.12","5.3.13","5.3.2","5.3.3","5.3.4","5.3.5","5.3.6","5.3.7","5.3.8","5.3.9","6.0.0","6.0.0.0b1","6.0.0.0b2","6.0.0.0rc1","6.0.0.0rc2","6.1.0","6.2.0","6.2.1","6.2.10","6.2.11","6.2.12","6.2.13","6.2.14","6.2.15","6.2.16","6.2.2","6.2.3","6.2.4","6.2.5","6.2.6","6.2.7","6.2.8","6.2.9","7.0.0","7.0.0.0b1","7.0.0.0b2","7.0.0.0b3","7.0.0.0rc1","7.0.0.0rc2","7.0.1","7.0.10","7.0.11","7.0.12","7.0.13","7.0.14","7.0.15","7.0.16","7.0.17","7.0.18","7.0.2","7.0.3","7.0.4","7.0.5","7.0.6","7.0.7","7.0.8","7.0.9","8.0.0","8.0.0.0b1","8.0.0.0b2","8.0.0.0b3","8.0.0.0rc1","8.0.1","8.0.2","8.0.3","8.0.4","8.0.5","8.0.6","8.0.7","8.1.0","8.2.0","8.3.0","8.3.1","8.4.0","8.4.1","9.0.0","9.0.0.0b1","9.0.0.0b2","9.0.0.0b3","9.0.0.0b4","9.0.0.0rc1","9.0.0.0rc2","9.1.0","9.2.0","9.3.0","9.4.0","9.4.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/tripleo-heat-templates/PYSEC-2026-753.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}