CVE-2013-6426

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

Configurations

Configuration 1

cpe:2.3:a:openstack:heat:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:59

| Type | Values Removed | Values Added |
|---|---|---|
| References | http://rhn.redhat.com/errata/RHSA-2014-0090.html | http://rhn.redhat.com/errata/RHSA-2014-0090.html |
| References | http://www.openwall.com/lists/oss-security/2013/12/11/9 | http://www.openwall.com/lists/oss-security/2013/12/11/9 |
| References | http://www.securityfocus.com/bid/64243 | http://www.securityfocus.com/bid/64243 |
| References | https://bugs.launchpad.net/heat/+bug/1256049 - Exploit, Patch | https://bugs.launchpad.net/heat/+bug/1256049 - Exploit, Patch |
| References | https://exchange.xforce.ibmcloud.com/vulnerabilities/89658 | https://exchange.xforce.ibmcloud.com/vulnerabilities/89658 |

Information

Published : 2013-12-14 17:21

Updated : 2024-11-21 01:59


NVD link : CVE-2013-6426

Mitre link : CVE-2013-6426

CVE.ORG link : CVE-2013-6426

Products Affected

openstack

  • heat

CWE

CWE-264

Permissions, Privileges, and Access Controls