3 matches found
Authentication Bypass
The openstack-heat packages provide heat, a Python implementation of the OpenStack Orchestration engine, to launch multiple composite cloud applications based on templates. It was found that heat did not properly enforce cloudformation-compatible API policy rules. An in-instance attacker could us...
CVE-2013-6426
The cloudformation-compatible API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and 1 create a stack via the CreateStack method or 2 upda...
CVE-2013-6426
The CVE-2013-6426 issue affects OpenStack Heat’s cloudformation-compatible API, where policy enforcement was inadequate, allowing in-instance users to create or update stacks via CreateStack/UpdateStack and bypass restrictions. Public disclosures in SUSE and Red Hat advisories confirm the problem...