Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:61130
HistoryDec 16, 2013 - 12:00 a.m.

OpenStack Neutron/Nova信息泄漏漏洞

2013-12-1600:00:00
Root
www.seebug.org
18

0.004 Low

EPSS

Percentile

73.8%

JSON

Bugtraq ID:64250
CVE ID:CVE-2013-6419

OpenStack Neutron提供一套标准化流程以创建网络、向其中接入网络设备并添加可通过API加以管理的其它网络组件。OpenStack Nova提供虚拟计算服务。

OpenStack Neutron/Nova对端口绑定缺少授权,通过猜测instance_id,租户可获取到其他租户的元数据数据,导致敏感信息泄漏。
0
OpenStack Neutron/Nova
厂商补丁:

OpenStack

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

Icehouse (development branch) fix:
https://review.openstack.org/61439 (neutron)
https://review.openstack.org/61428 (nova)
Havana fix:
https://review.openstack.org/61442 (neutron)
https://review.openstack.org/61435 (nova)
Grizzly fix:
https://review.openstack.org/61443 (neutron)
https://review.openstack.org/61437 (nova)

Related

cve 1
redhat 2
veracode 4
prion 1
github 1
nvd 1
cvelist 1
ubuntucve 1
debiancve 1
cve
cve
CVE-2013-6419
2014-01-07 18:55:06
redhat
redhat
(RHSA-2014:0091) Moderate: openstack-neutron security, bug fix, and enhancement update
2014-01-22 00:00:00
(RHSA-2014:0231) Moderate: openstack-nova security and bug fix update
2014-03-04 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 08:57:53
Infomation Disclosure
2019-05-02 04:57:32
Privilege Escalation
2019-05-02 04:57:32
prion
prion
Design/Logic Flaw
2014-01-07 18:55:00
github
github
OpenStack Nova Router metadata queries are not restricted by tenant
2022-05-17 04:50:15
nvd
nvd
CVE-2013-6419
2014-01-07 18:55:06
cvelist
cvelist
CVE-2013-6419
2014-01-07 18:00:00
ubuntucve
ubuntucve
CVE-2013-6419
2013-12-11 00:00:00
debiancve
debiancve
CVE-2013-6419
2014-01-07 18:55:06

0.004 Low

EPSS

Percentile

73.8%

JSON
Related for SSV:61130
cve1redhat2veracode4prion1github1nvd1cvelist1ubuntucve1debiancve1