Privilege Escalation

2019-01-1508:59:30

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

JSON

openstack-nova is vulnerable to privilege escalation. The RBAC policies were not enforced for add_rules, remove_rules, destroy and other unspecified methods in compute/api.py when using non-default policies. A remote attacker is able to escalate privileges beyond the user group they belong to via the affected API calls.

CPENameOperatorVersion
openstack-novaeq2012.2.3__7.el6ost
openstack-novaeq2012.2.3__4.el6ost
openstack-novaeq2012.2.2__8.el6ost
openstack-novaeq2013.1.4__4.el6ost
openstack-novaeq2013.1.1__2.el6ost
openstack-novaeq2013.1.4__1.el6ost
openstack-novaeq2012.2__2.1.el6
openstack-novaeq2013.1.1__4.el6ost
openstack-novaeq2012.2.3__9.el6ost
openstack-novaeq2013.1.2__2.el6ost

Name	Operator	Version
openstack-nova	eq	2012.2.3__7.el6ost
openstack-nova	eq	2012.2.3__4.el6ost
openstack-nova	eq	2012.2.2__8.el6ost
openstack-nova	eq	2013.1.4__4.el6ost
openstack-nova	eq	2013.1.1__2.el6ost
openstack-nova	eq	2013.1.4__1.el6ost
openstack-nova	eq	2012.2__2.1.el6
openstack-nova	eq	2013.1.1__4.el6ost
openstack-nova	eq	2012.2.3__9.el6ost
openstack-nova	eq	2013.1.2__2.el6ost