CVE-2012-0030

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openstack:essex:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2011.3:*:*:*:*:*:*:*

History

21 Nov 2024, 01:34

Type Values Removed Values Added
References () http://secunia.com/advisories/47543 - Vendor Advisory () http://secunia.com/advisories/47543 - Vendor Advisory
References () http://www.securityfocus.com/bid/51370 - () http://www.securityfocus.com/bid/51370 -
References () http://www.ubuntu.com/usn/USN-1326-1 - () http://www.ubuntu.com/usn/USN-1326-1 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/72296 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/72296 -
References () https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0 - () https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0 -
References () https://lists.launchpad.net/openstack/msg06648.html - Patch () https://lists.launchpad.net/openstack/msg06648.html - Patch

Information

Published : 2012-01-13 18:55

Updated : 2024-11-21 01:34


NVD link : CVE-2012-0030

Mitre link : CVE-2012-0030

CVE.ORG link : CVE-2012-0030


JSON object : View

Products Affected

openstack

  • essex
  • nova
CWE
CWE-264

Permissions, Privileges, and Access Controls