Lucene search
CVE-2013-6426
The cloudformation-compatible API in OpenStack Orchestration API allows local in-instance users to bypass access restrictions
Show more
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | OpenStack Heat CFN策略安全绕过漏洞 | 16 Dec 201300:00 | – | seebug |
 | CVE-2013-6426 | 14 Dec 201317:21 | – | debiancve |
 | CVE-2013-6426 | 14 Dec 201317:00 | – | cvelist |
 | CVE-2013-6426 | 11 Dec 201300:00 | – | ubuntucve |
 | CVE-2013-6426 | 14 Dec 201317:21 | – | nvd |
 | Authorization Bypass | 15 Jan 201908:55 | – | veracode |
| Authentication Bypass | 2 May 201905:00 | – | veracode |
 | Stack overflow | 14 Dec 201317:21 | – | prion |
 | RHSA-2014:0090 Red Hat Security Advisory: openstack-heat security, bug fix, and enhancement update | 15 Sep 202421:16 | – | osv |
 | (RHSA-2014:0090) Moderate: openstack-heat security, bug fix, and enhancement update | 22 Jan 201400:00 | – | redhat |
10
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| stack_name | request body | /v1/stacks | The CreateStack method allows in-instance users to create stacks bypassing policy rules. | CWE-264 |
| template | request body | /v1/stacks | The CreateStack method allows in-instance users to create stacks bypassing policy rules. | CWE-264 |
| template | request body | /v1/stacks/{stack_id} | The UpdateStack method allows in-instance users to update stacks bypassing policy rules. | CWE-264 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo14 Dec 2013 17:21Current
6.3Medium risk
Vulners AI Score6.3
CVSS24
EPSS0.0033