An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621
https://access.redhat.com/errata/RHSA-2017:1464