CVE Vulnerabilities

CVE-2013-6428

Published: Dec 14, 2013 | Modified: Mar 06, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
4 MODERATE
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM

The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path.

Affected Software

Name Vendor Start Version End Version
Heat Openstack * 2013.2 (including)
OpenStack 4 for RHEL 6 RedHat openstack-heat-0:2013.2.1-4.el6ost *
Heat Ubuntu saucy *
Heat Ubuntu upstream *

References