3 matches found
Authentication Bypass
The openstack-heat packages provide heat, a Python implementation of the OpenStack Orchestration engine, to launch multiple composite cloud applications based on templates. It was found that heat did not properly enforce cloudformation-compatible API policy rules. An in-instance attacker could us...
DEBIAN-CVE-2013-6428
The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...
CVE-2013-6428
OpenStack Heat vulnerability (CVE-2013-6428) affects the Heat REST API in OpenStack Orchestration. The issue allows an authenticated remote user to bypass tenant scoping by modifying the tenant_id in the request path, potentially enabling privilege escalation. Public vendor advisories confirm the...