Lucene search

[email protected]CVE-2013-1815

HistoryApr 10, 2013 - 3:55 p.m.

CVE-2013-1815

2013-04-1015:55:15

CWE-255

[email protected]

web.nvd.nist.gov

packstack

red hat openstack

security vulnerability

local users

system modification

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file.

Affected configurations

NVD

Node

redhatopenstack_essexMatch-

redhatopenstack_folsomMatch-

redhatpackstackMatch2012.2.3

CPENameOperatorVersion
redhat:openstack_essexredhat openstack essexeq-
redhat:openstack_folsomredhat openstack folsomeq-
redhat:packstackredhat packstackeq2012.2.3

CPE	Name	Operator	Version
redhat:openstack_essex	redhat openstack essex	eq	-
redhat:openstack_folsom	redhat openstack folsom	eq	-
redhat:packstack	redhat packstack	eq	2012.2.3

References

rhn.redhat.com/errata/RHSA-2013-0671.html

bugzilla.redhat.com/show_bug.cgi?id=917904

exchange.xforce.ibmcloud.com/vulnerabilities/83017

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-1815

prion1 nvd1 redhat1 cvelist1