CVE-2021-4472 - Vulnerability Details

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat Subscribe	Openstack Subscribe

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4391-1	python-mistralclient security update
Debian DLA	DLA-4392-1	mistral-dashboard security update
Github GHSA	GHSA-75hx-6r6j-hw56	OpenStack's Mistral Client has a local file inclusion vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2021-4472
https://bugs.launchpad.net/horizon/+bug/1931558
https://bugzilla.redhat.com/show_bug.cgi?id=2417321
https://lists.debian.org/debian-lts-announce/2025/12/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/12/msg00003.html
https://nvd.nist.gov/vuln/detail/CVE-2021-4472
https://review.opendev.org/c/openstack/mistral-dashboard/+/800952
https://review.opendev.org/c/openstack/python-mistralclient/+/800950
https://www.cve.org/CVERecord?id=CVE-2021-4472

History

Mon, 01 Dec 2025 09:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/12/msg00002.html https://lists.debian.org/debian-lts-announce/2025/12/msg00003.html

Thu, 27 Nov 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2021-4472 https://www.cve.org/CVERecord?id=CVE-2021-4472
Metrics	threat_severity `None`	threat_severity `Moderate`

Wed, 26 Nov 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 26 Nov 2025 18:45:00 +0000

Type	Values Removed	Values Added
Description		The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content.
Title		Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature
First Time appeared		Redhat Redhat openstack
Weaknesses		CWE-73
CPEs		cpe:/a:redhat:openstack:13 cpe:/a:redhat:openstack:16.2 cpe:/a:redhat:openstack:17.1
Vendors & Products		Redhat Redhat openstack
References		https://access.redhat.com/security/cve/CVE-2021-4472 https://bugs.launchpad.net/horizon/+bug/1931558 https://bugzilla.redhat.com/show_bug.cgi?id=2417321 https://review.opendev.org/c/openstack/mistral-dashboard/+/800952 https://review.opendev.org/c/openstack/python-mistralclient/+/800950
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-11-26T18:31:10.457Z

Updated: 2025-12-01T08:05:35.389Z

Reserved: 2025-11-26T18:01:35.320Z

Link: CVE-2021-4472

Vulnrichment

Updated: 2025-12-01T08:05:35.389Z

NVD

Status : Awaiting Analysis

Published: 2025-11-26T19:15:46.387

Modified: 2025-12-01T15:39:53.100

Link: CVE-2021-4472

Redhat

Severity : Moderate

Publid Date: 2025-11-26T17:51:33Z

Links: CVE-2021-4472 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-73

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2021-4472", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-11-26T18:01:35.320Z", "datePublished": "2025-11-26T18:31:10.457Z", "dateUpdated": "2025-12-01T08:05:35.389Z"}, "containers": {"cna": {"title": "Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-aodh-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-aodh-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-aodh-evaluator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-aodh-listener", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-aodh-notifier", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-barbican-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-barbican-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-barbican-keystone-listener", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-barbican-worker", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-ceilometer-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-ceilometer-central", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-ceilometer-compute", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-ceilometer-ipmi", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-ceilometer-notification", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-cinder-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-cinder-backup", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-cinder-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-cinder-scheduler", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-cinder-volume", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-collectd", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-dependencies", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-ec2-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-glance-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-glance-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-gnocchi-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-gnocchi-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-gnocchi-metricd", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-gnocchi-statsd", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-heat-all", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-heat-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-heat-api-cfn", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-heat-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-heat-engine", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-horizon", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-horizon-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-ironic-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-ironic-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-ironic-conductor", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-ironic-inspector", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-ironic-neutron-agent", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-ironic-pxe", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-keystone", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-keystone-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-manila-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-manila-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-manila-scheduler", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-manila-share", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-mistral-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-mistral-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-mistral-engine", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-mistral-event-engine", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-mistral-executor", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-neutron-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-neutron-dhcp-agent", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-neutron-l3-agent", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-neutron-metadata-agent", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-neutron-metadata-agent-ovn", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-neutron-openvswitch-agent", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-neutron-server", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-neutron-server-opendaylight", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-neutron-server-ovn", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-neutron-sriov-agent", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-nova-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-nova-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-nova-compute", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-nova-compute-ironic", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-nova-conductor", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-nova-consoleauth", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-nova-novncproxy", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-nova-placement-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-nova-scheduler", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-octavia-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-octavia-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-octavia-health-manager", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-octavia-housekeeping", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-octavia-worker", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-panko-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-panko-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-sahara-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-sahara-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-sahara-engine", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-swift-account", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-swift-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhosp13/openstack-swift-container", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-swift-object", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-swift-proxy-server", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-tempest", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp13/openstack-zaqar", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-mistralclient", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel8/openstack-heat-all", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel8/openstack-heat-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel8/openstack-heat-api-cfn", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel8/openstack-heat-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel8/openstack-heat-engine", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel8/openstack-mistral-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel8/openstack-mistral-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel8/openstack-mistral-engine", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel8/openstack-mistral-event-engine", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel8/openstack-mistral-executor", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel8/openstack-nova-scheduler", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel8/openstack-tripleoclient", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "python-mistralclient", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:17.1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel8/openstack-tripleoclient", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:17.1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel9/openstack-heat-all", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:17.1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel9/openstack-heat-api", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:17.1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel9/openstack-heat-api-cfn", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:17.1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel9/openstack-heat-base", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:17.1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel9/openstack-heat-engine", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:17.1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosp-rhel9/openstack-tripleoclient", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:17.1"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2021-4472", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugs.launchpad.net/horizon/+bug/1931558"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417321", "name": "RHBZ#2417321", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://review.opendev.org/c/openstack/mistral-dashboard/+/800952"}, {"url": "https://review.opendev.org/c/openstack/python-mistralclient/+/800950"}], "datePublic": "2025-11-26T17:51:33.136Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-73", "description": "External Control of File Name or Path", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-73: External Control of File Name or Path", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "timeline": [{"lang": "en", "time": "2025-11-26T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-11-26T17:51:33.136000+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-11-27T15:20:14.875Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-26T18:56:51.745216Z", "id": "CVE-2021-4472", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-26T18:57:32.073Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00002.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00003.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-12-01T08:05:35.389Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00002.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00003.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-12-01T08:05:35.389Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-4472", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-26T18:56:51.745216Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-26T18:57:27.305Z"}}], "cna": {"title": "Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-aodh-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-aodh-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-aodh-evaluator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-aodh-listener", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-aodh-notifier", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-barbican-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-barbican-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-barbican-keystone-listener", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-barbican-worker", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-ceilometer-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-ceilometer-central", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-ceilometer-compute", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-ceilometer-ipmi", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-ceilometer-notification", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-cinder-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-cinder-backup", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-cinder-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-cinder-scheduler", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-cinder-volume", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-collectd", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-dependencies", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-ec2-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-glance-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-glance-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-gnocchi-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-gnocchi-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-gnocchi-metricd", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-gnocchi-statsd", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-heat-all", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-heat-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-heat-api-cfn", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-heat-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-heat-engine", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-horizon", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-horizon-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-ironic-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-ironic-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-ironic-conductor", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-ironic-inspector", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-ironic-neutron-agent", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-ironic-pxe", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-keystone", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-keystone-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-manila-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-manila-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-manila-scheduler", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-manila-share", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-mistral-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-mistral-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-mistral-engine", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-mistral-event-engine", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-mistral-executor", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-neutron-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-neutron-dhcp-agent", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-neutron-l3-agent", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-neutron-metadata-agent", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-neutron-metadata-agent-ovn", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-neutron-openvswitch-agent", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-neutron-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-neutron-server-opendaylight", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-neutron-server-ovn", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-neutron-sriov-agent", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-nova-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-nova-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-nova-compute", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-nova-compute-ironic", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-nova-conductor", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-nova-consoleauth", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-nova-novncproxy", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-nova-placement-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-nova-scheduler", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-octavia-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-octavia-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-octavia-health-manager", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-octavia-housekeeping", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-octavia-worker", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-panko-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-panko-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-sahara-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-sahara-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-sahara-engine", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-swift-account", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-swift-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-swift-container", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-swift-object", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-swift-proxy-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-tempest", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:13"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "packageName": "rhosp13/openstack-zaqar", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "python-mistralclient", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "rhosp-rhel8/openstack-heat-all", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "rhosp-rhel8/openstack-heat-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "rhosp-rhel8/openstack-heat-api-cfn", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "rhosp-rhel8/openstack-heat-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "rhosp-rhel8/openstack-heat-engine", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "rhosp-rhel8/openstack-mistral-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "rhosp-rhel8/openstack-mistral-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "rhosp-rhel8/openstack-mistral-engine", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "rhosp-rhel8/openstack-mistral-event-engine", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "rhosp-rhel8/openstack-mistral-executor", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "rhosp-rhel8/openstack-nova-scheduler", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "packageName": "rhosp-rhel8/openstack-tripleoclient", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:17.1"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "packageName": "python-mistralclient", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:17.1"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "packageName": "rhosp-rhel8/openstack-tripleoclient", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:17.1"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "packageName": "rhosp-rhel9/openstack-heat-all", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:17.1"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "packageName": "rhosp-rhel9/openstack-heat-api", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:17.1"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "packageName": "rhosp-rhel9/openstack-heat-api-cfn", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:17.1"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "packageName": "rhosp-rhel9/openstack-heat-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:17.1"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "packageName": "rhosp-rhel9/openstack-heat-engine", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openstack:17.1"], "vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.1", "packageName": "rhosp-rhel9/openstack-tripleoclient", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-11-26T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-11-26T17:51:33.136000+00:00", "value": "Made public."}], "datePublic": "2025-11-26T17:51:33.136Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2021-4472", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugs.launchpad.net/horizon/+bug/1931558"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417321", "name": "RHBZ#2417321", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://review.opendev.org/c/openstack/mistral-dashboard/+/800952"}, {"url": "https://review.opendev.org/c/openstack/python-mistralclient/+/800950"}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-11-27T15:20:14.875Z"}, "x_redhatCweChain": "CWE-73: External Control of File Name or Path"}}, "cveMetadata": {"cveId": "CVE-2021-4472", "state": "PUBLISHED", "dateUpdated": "2025-12-01T08:05:35.389Z", "dateReserved": "2025-11-26T18:01:35.320Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-11-26T18:31:10.457Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"bugzilla": {"description": "python-mistralclient: mistral-dashboard: Local file inclusion through the 'Create Workbook' feature", "id": "2417321", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417321"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-73", "details": ["The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content."], "name": "CVE-2021-4472", "package_state": [{"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Fix deferred", "package_name": "rhosp13/openstack-aodh-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Fix deferred", "package_name": "rhosp13/openstack-aodh-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Fix deferred", "package_name": "rhosp13/openstack-aodh-evaluator", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Fix deferred", "package_name": "rhosp13/openstack-aodh-listener", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Fix deferred", "package_name": "rhosp13/openstack-aodh-notifier", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Fix deferred", "package_name": "rhosp13/openstack-barbican-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Fix deferred", "package_name": "rhosp13/openstack-barbican-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-barbican-keystone-listener", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-barbican-worker", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-ceilometer-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-ceilometer-central", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-ceilometer-compute", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-ceilometer-ipmi", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-ceilometer-notification", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-cinder-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-cinder-backup", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-cinder-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-cinder-scheduler", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-cinder-volume", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-collectd", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-dependencies", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-ec2-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-glance-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-glance-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-gnocchi-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-gnocchi-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-gnocchi-metricd", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-gnocchi-statsd", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-heat-all", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-heat-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-heat-api-cfn", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-heat-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-heat-engine", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-horizon", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-horizon-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-ironic-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-ironic-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-ironic-conductor", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-ironic-inspector", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-ironic-neutron-agent", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-ironic-pxe", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-keystone", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-keystone-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-manila-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-manila-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-manila-scheduler", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-manila-share", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-mistral-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-mistral-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-mistral-engine", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-mistral-event-engine", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-mistral-executor", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-neutron-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-neutron-dhcp-agent", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-neutron-l3-agent", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-neutron-metadata-agent", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-neutron-metadata-agent-ovn", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-neutron-openvswitch-agent", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-neutron-server", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-neutron-server-opendaylight", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-neutron-server-ovn", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-neutron-sriov-agent", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-nova-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-nova-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-nova-compute", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-nova-compute-ironic", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-nova-conductor", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-nova-consoleauth", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-nova-novncproxy", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-nova-placement-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-nova-scheduler", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-octavia-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-octavia-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-octavia-health-manager", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-octavia-housekeeping", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-octavia-worker", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-panko-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-panko-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-sahara-api", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-sahara-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-sahara-engine", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-swift-account", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-swift-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-swift-container", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-swift-object", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-swift-proxy-server", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-tempest", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Under investigation", "package_name": "rhosp13/openstack-zaqar", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "python-mistralclient", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "rhosp-rhel8/openstack-heat-all", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "rhosp-rhel8/openstack-heat-api", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "rhosp-rhel8/openstack-heat-api-cfn", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "rhosp-rhel8/openstack-heat-base", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "rhosp-rhel8/openstack-heat-engine", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "rhosp-rhel8/openstack-mistral-api", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "rhosp-rhel8/openstack-mistral-base", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "rhosp-rhel8/openstack-mistral-engine", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "rhosp-rhel8/openstack-mistral-event-engine", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "rhosp-rhel8/openstack-mistral-executor", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "rhosp-rhel8/openstack-nova-scheduler", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Under investigation", "package_name": "rhosp-rhel8/openstack-tripleoclient", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Under investigation", "package_name": "python-mistralclient", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Under investigation", "package_name": "rhosp-rhel8/openstack-tripleoclient", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Under investigation", "package_name": "rhosp-rhel9/openstack-heat-all", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Under investigation", "package_name": "rhosp-rhel9/openstack-heat-api", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Under investigation", "package_name": "rhosp-rhel9/openstack-heat-api-cfn", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Under investigation", "package_name": "rhosp-rhel9/openstack-heat-base", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Under investigation", "package_name": "rhosp-rhel9/openstack-heat-engine", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Under investigation", "package_name": "rhosp-rhel9/openstack-tripleoclient", "product_name": "Red Hat OpenStack Platform 17.1"}], "public_date": "2025-11-26T17:51:33Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-4472\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4472\nhttps://bugs.launchpad.net/horizon/+bug/1931558\nhttps://review.opendev.org/c/openstack/mistral-dashboard/+/800952\nhttps://review.opendev.org/c/openstack/python-mistralclient/+/800950"], "statement": "The vulnerability is present at the mistral-dashboard which is not shipped by any Red Hat products. The mistral-dashboard insecurely uses a feature of the python-mistralclient component which is not intended to be used in the server side.", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object