Lucene search
RootSSV:61133HistoryDec 16, 2013 - 12:00 a.m.
OpenStack Heat CFN策略安全绕过漏洞
2013-12-1600:00:00
Root
www.seebug.org
10
0.001 Low
EPSS
Percentile
51.2%
Bugtraq ID:64243
CVE ID:CVE-2013-6426
OpenStack Heat类似于亚马逊的CloudFormation,它可以基于政策对可能发生的情况定义一个模板。
OpenStack Heat默认API策略实施存在安全漏洞,通过调用CreateStack或UpdateStack方法,in-instance用户可创建或者更新与默认策略相冲突的栈。使用Heat’s cloudformation-compatible API的设置受此漏洞影响。
0
OpenStack Heat 2013.x
厂商补丁:
OpenStack
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Icehouse (development branch) fix:
https://review.openstack.org/61452
Havana fix:
https://review.openstack.org/61454
Related
debiancve
debiancve
CVE-2013-6426
2013-12-14 17:21:47
cvelist
cvelist
CVE-2013-6426
2013-12-14 17:00:00
cve
cve
CVE-2013-6426
2013-12-14 17:21:47
veracode
veracode
Authorization Bypass
2019-01-15 08:55:36
Authentication Bypass
2019-05-02 05:00:56
ubuntucve
ubuntucve
CVE-2013-6426
2013-12-11 00:00:00
nvd
nvd
CVE-2013-6426
2013-12-14 17:21:47
prion
prion
Stack overflow
2013-12-14 17:21:00
redhat
redhat