CVE Vulnerabilities

CVE-2013-6426

Published: Dec 14, 2013 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
4 MODERATE
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V3
Ubuntu

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

Affected Software

Name Vendor Start Version End Version
Heat Openstack * 2013.2
OpenStack 4 for RHEL 6 RedHat openstack-heat-0:2013.2.1-4.el6ost *
Heat Ubuntu saucy *
Heat Ubuntu upstream *

References