Lucene search

[email protected]CVE-2013-0266

HistoryMar 08, 2013 - 9:55 p.m.

CVE-2013-0266

2013-03-0821:55:01

CWE-362

[email protected]

web.nvd.nist.gov

cve-2013-0266

puppetlabs-cinder

packstack

openstack

security vulnerability

configuration files

local users

administrative passwords

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.

Affected configurations

NVD

Node

openstackessexMatch-

openstackfolsomMatch-

CPENameOperatorVersion
openstack:essexopenstack essexeq-
openstack:folsomopenstack folsomeq-

CPE	Name	Operator	Version
openstack:essex	openstack essex	eq	-
openstack:folsom	openstack folsom	eq	-

References

rhn.redhat.com/errata/RHSA-2013-0595.html

bugzilla.redhat.com/show_bug.cgi?id=908581

github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-0266

cvelist1 nvd1 prion1 redhat1