Lucene search

[email protected]CVE-2013-6426

HistoryDec 14, 2013 - 5:21 p.m.

CVE-2013-6426

2013-12-1417:21:47

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-6426

openstack

orchestration api

heat

security

policy enforcement

access restriction

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

51.2%

JSON

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

Affected configurations

NVD

Node

openstackheatRange≤2013.2

CPENameOperatorVersion
openstack:heatopenstack heatle2013.2

CPE	Name	Operator	Version
openstack:heat	openstack heat	le	2013.2

References

rhn.redhat.com/errata/RHSA-2014-0090.html

www.openwall.com/lists/oss-security/2013/12/11/9

www.securityfocus.com/bid/64243

bugs.launchpad.net/heat/+bug/1256049

exchange.xforce.ibmcloud.com/vulnerabilities/89658

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

51.2%

JSON

Related for CVE-2013-6426

seebug1 debiancve1 veracode2 ubuntucve1 nvd1 cvelist1 prion1 redhat1