Lucene search

PRIOn knowledge basePRION:CVE-2012-5483

HistoryDec 26, 2012 - 10:55 p.m.

Design/Logic Flaw

2012-12-2622:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.4%

JSON

tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.

CPENameOperatorVersion
keystoneeq2012.1.3

CPE	Name	Operator	Version
	keystone	eq	2012.1.3

References

rhn.redhat.com/errata/RHSA-2012-1556.html

www.securityfocus.com/bid/56888

bugzilla.redhat.com/show_bug.cgi?id=873447

exchange.xforce.ibmcloud.com/vulnerabilities/80612

lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2012-5483